integrate with sonarqube #53

Closed
projectrvce opened this issue Mar 26, 2019 · 8 comments

Comments

@projectrvce

I want to integrate this project with sonarqube. Is there any way to do this?

@ejohn20
Member

ejohn20 commented Mar 26, 2019

If puma scan is installed via a NuGet package, it appears that Sonar supports importing those warnings: https://docs.sonarqube.org/pages/viewpage.action?pageId=11640944.

@ejohn20
Member

ejohn20 commented Mar 28, 2019

Comment from duplicate issue: I actually want to edit this pumasecurity, create nuget package and then integrate it with sonarqube. May I know how can we create nuget package after editing puma security?

@ejohn20
Member

ejohn20 commented Mar 28, 2019

We encourage folks to fork our repository, make customizations, and contribute back via a merge request if you'd like to enhance the project.

Are you looking to create a sonar integration only, or do you also have custom rules that you'd like to integrate as well?

Overall, I would start by looking in the Puma.Security.Parser project, which parses the build results (MSBuild) and pulls out all of the SEC### issues. This project currently exports the data to MSBuild and SARIF formatted results.

This project could easily be enhanced to call the Sonar API and upload the Puma results to a given Sonar project.
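The parsing step described in the comment above, as an added example that is not part of the thread or the Puma Scan code base: it pulls SEC### diagnostics out of MSBuild console output and maps them to SonarQube's generic issue import JSON instead of calling the Sonar API. The log lines, the `pumascan` engine id, the issue type and the severity mapping are constructed assumptions.

```python
import json
import re

# MSBuild diagnostic line: path(line[,col]): warning|error CODE: message [project]
DIAG = re.compile(
    r"^\s*(?P<file>.+?)\((?P<line>\d+)(?:,(?P<col>\d+))?(?:,\d+,\d+)?\):\s+"
    r"(?P<level>warning|error)\s+(?P<rule>SEC\d+):\s+"
    r"(?P<msg>.*?)(?:\s+\[(?P<project>[^\]]+)\])?\s*$"
)

# Constructed sample build output (not from a real scan; rule ids and messages are made up).
SAMPLE_LOG = r"""
Controllers\HomeController.cs(42,17): warning SEC0001: Constructed sample finding A [C:\src\App\App.csproj]
Controllers\HomeController.cs(42,17): warning SEC0001: Constructed sample finding A [C:\src\App\App.csproj]
Models\User.cs(7,9): warning CS0168: The variable 'x' is declared but never used [C:\src\App\App.csproj]
Web.config(12): error SEC0002: Constructed sample finding B [C:\src\App\App.csproj]
Build succeeded.
"""

def parse_sec_issues(log_text):
    """Return unique SEC### diagnostics from MSBuild output as dicts."""
    seen, issues = set(), []
    for raw in log_text.splitlines():
        m = DIAG.match(raw)
        if not m:
            continue  # compiler warnings (CS####) and status lines are skipped
        key = (m["file"], m["line"], m["rule"])
        if key in seen:
            continue  # MSBuild repeats diagnostics in its end-of-build summary
        seen.add(key)
        issues.append({
            "rule": m["rule"], "file": m["file"].replace("\\", "/"),
            "line": int(m["line"]), "level": m["level"], "message": m["msg"],
        })
    return issues

def to_sonar_generic(issues, engine_id="pumascan"):
    """Map issues to generic issue import JSON; engine id, type, severity are assumptions."""
    return {"issues": [{
        "engineId": engine_id,
        "ruleId": i["rule"],
        "type": "VULNERABILITY",
        "severity": "CRITICAL" if i["level"] == "error" else "MAJOR",
        "primaryLocation": {"message": i["message"], "filePath": i["file"],
                            "textRange": {"startLine": i["line"]}},
    } for i in issues]}

if __name__ == "__main__":
    print(json.dumps(to_sonar_generic(parse_sec_issues(SAMPLE_LOG)), indent=2))
```

The resulting file is the kind of report the scanner reads through `sonar.externalIssuesReportPaths`; file paths must be relative to the analysed project for the issues to attach to source lines.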

@ejohn20
Member

ejohn20 commented Mar 28, 2019

Comment from duplicate issue: I actually want to edit this pumasecurity, create nuget package and then integrate it with sonarqube. May I know how can we create nuget package after editing puma security?

Answering your nuget question, the Rules project is configured to build a nuget package during each build. It is output into the Rules/bin/Debug|Release directory.

@projectrvce
Author

Severity Code Description Project File Line Suppression State
Error The command ""C:\Users\meghanar\Downloads\pumascan\puma-scan-2.0.0.1\packages\NuGet.CommandLine.3.4.3\tools\NuGet.exe" pack Diagnostic.nuspec -NoPackageAnalysis -Version 2.0.0.1 -OutputDirectory ." exited with code 3. Puma.Security.Rules C:\Users\meghanar\Downloads\pumascan\puma-scan-2.0.0.1\Rules\Puma.Security.Rules.csproj 400

I am getting this error when I am trying to build the solution. Can you please help me in overcoming this problem?

@ejohn20
Member

ejohn20 commented Mar 29, 2019

We just released v2.1.0.0 this morning. I'd recommend pulling the latest code. It is now targeting .NET Standard 2.0 instead of the full framework. This will get us on the same page.

@ejohn20
Member

ejohn20 commented Apr 11, 2019

Did you get this integration working? If so, willing to contribute back for other folks? We have had a lot of people ask about how to do this. Even just a write up of how to do it would be very helpful.

@projectrvce
Author

It was working when I tried it some couple of days back. I never tried after that.

@ejohn20 ejohn20 closed this as completed Apr 12, 2019