Sonarqube + dependency-check plugin for dotnet #473

@RunFox


Hello, I am using SonarQube EE 8.4.2 with Dependency-Check plugin v2.0.6.
SonarQube parses the JSON report. But in the logs for a dotnet project I see this info warning:
“INFO: No project configuration file, e.g. pom.xml, .gradle,.gradle.kts,package-lock.json found, therefore it isn’t possible to correctly link dependencies in file”.
And then:
“INFO: Linking 41 dependencies”
Can you tell me, please, what this means for a dotnet project and whether it affects working with vulnerable dependencies in Sonar? As far as I can see, Sonar links the dependencies and creates vulnerabilities on the project page.

Labels: bug, lifecycle/frozen (indicates that an issue or PR should not be auto-closed due to staleness)
