Can't see CVEs (vulnerabilities) on Sonar UI under Project>Issues. Used to see them in the past. Has anything changed?


Question


We're using a combination of Jenkins and the Sonar plugin for OWASP DependencyCheck https://owasp.org/www-project-dependency-check/. The HTML and JSON reports are generated during the pipeline build in Jenkins, and we can also see the HTML reports under Project>More>Dependency Check in Sonar, but the vulnerabilities (CVEs) are no longer listed under Project>Issues>Security Category>OWASP Top 10 in Sonar. We were able to see the CVEs there in the past.

Has anything been changed?

We were able to see them before, as shown in the screenshot below.


Version of dependency-check used

Jenkins Dependency Check plugin: 5.4.0
Sonar Dependency check plugin: 3.0.1

I read about this https://sonarsource.atlassian.net/browse/SONAR-11970 but I'm not sure if that's the reason behind CVEs not showing up under the OWASP Top 10 category.

Answer 1

Score: 0


I fixed this issue; there was a compatibility issue with the dependency-check version I was using in Jenkins. Downgrading the dependency-check version fixed the issue.

  • Posted on July 12, 2023 at 20:32:45