Can't see CVEs (vulnerabilities) on Sonar UI under Project>Issues. Used to see them in the past. Has anything changed?
We're using a combination of Jenkins and Sonar Plugin of OWASP DependencyCheck https://owasp.org/www-project-dependency-check/. The reports in HTML and JSON getting generated during pipeline build in Jenkins and also could see html reports from Project>More>Dependency Check in Sonar, but the vulnerabilities (CVEss) are no longer listed under Project>Issues>Security Category>OWASP Top 10 in Sonar. We were able to see the CVEs there in the past.
Has anything been changed?
We were able to see them before like shown in the screenshot below
Version of dependency-check used
Jenkins Dependency Check plugin: 5.4.0
Sonar Dependency check plugin: 3.0.1
I read about this https://sonarsource.atlassian.net/browse/SONAR-11970 but not sure if that's the reason behind now showing up CVEs under OWASP Top 10 category.
I fixed this issue, there was a compatibility issue with the dependency-check version I was using in Jenkins. Downgrading the dependency-check version fixed the issue.
- Jenkins Pipeline's deleteDir() fails with java.nio.file.AccessDeniedException exception
- Can I create dynamically stages in a Jenkins pipeline?
- From which branch is the Jenkinsfile loaded
- Docker cloud agent - Can I use local image instead of publishing to Docker hub
- Terraform version error when deploying to AWS through jenkins?
- Sonarqube: Missing blame information for the following files
- jenkins pipeline not complete after npm start
- Jenkins pipeline trigger build on code changes from specific branch
- Jenkins groovy postbuild alternative
- Running Selenium in headless mode via Linux causes errors
- Jenkins build agent docker specify docker file name
- Suppress Scripted Pipelines Output in Jenkins
- How do I list all of my Jenkins credentials in the script console?
- Jenkins Host key verification failed
- Attach Volume EFS in ECS
- Git Plugin for Jenkins Fails to Connect to Repository
- Flutter Jenkins flutter not found issue
- How to add a file I create in groovy in Jenkinsfile to the artifacts?
- Jenkins sudo: a terminal is required to read the password
- how to disable jenkins pipeline job
- Jenkins active choices from the cli
- Jenkins slave and Maven Project
- Failed to connect to repository : Error performing git command: git ls-remote -h ***public github url *** HEAD
- Continue Build on Jenkins when JUnit stage fails
- Jenkins: Using external scripts vs coding the job in Groovy
- Jenkins in-process script approval
- How to get Jenkins lockable resources parameters with matrix plugin
- How to deploy war file to Tomcat from Jenkins without using plugin
- Managing artifacts locally
- Jenkins timeout/abort exception