Describe the bug
Using a report from a node.js project, the plugin doesn't report all vulnerabilities (the node.js checker adds some vulnerabilities from NVD, or from npm, and NPM doesn't use the same format).
To Reproduce
Steps to reproduce the behavior:
Run dependency-checker on a node project with a vulnerability
Run sonarqubescanner
See that the vulnerabilities coming from npm are skipped
Current behavior
Vulnerabilities reported by NPM are skipped
Expected behavior
The plugin sends npm vulnerabilities to sonarqube
Versions (please complete the following information):
dependency-check : 5.0.0-M2
sonarqube : 7.7
dependency-check-sonar-plugin : 1.2.3
Additional context
I'll push a merge request, containing:
a failing test (just loading the report)
a complete report.xml (6MB, unreadable by a human, can be used for a bench test)
a short report.xml (containing a vulnerability from nvd, one from npm, and one without vulnerability).
(The project is not so big, so I think report.xml can be really huge.)