Loading README.md +2 −2 Original line number Diff line number Diff line Loading @@ -114,7 +114,7 @@ SonarQube is specific: contrary to other jobs, sonar job does not generate any a In order to launch SonarQube HTML-report generation, the following variables must be set: - SONAR_URL (used by sonar template) - SONAR_AUTH_TOKEN (used by sonar template) - SONAR_TOKEN (used by sonar template) - DEFECTDOJO_SONARQUBE_APPLICATION - DEFECTDOJO_SONARQUBE_PROJECT_KEY Loading @@ -133,7 +133,7 @@ sonar-report \ --project="${DEFECTDOJO_SONARQUBE_PROJECT_KEY}" \ --application="${DEFECTDOJO_SONARQUBE_APPLICATION}" \ --branch="${CI_COMMIT_REF_NAME}" \ --sonartoken="${SONAR_AUTH_TOKEN}" \ --sonartoken="${SONAR_TOKEN}" \ --sinceleakperiod="${DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD}" \ --noSecurityHotspot="${DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT}" \ --allbugs="${DEFECTDOJO_SONARQUBE_ALLBUGS}" > "$sonar_report" Loading templates/gitlab-ci-defectdojo.yml +7 −2 Original line number Diff line number Diff line Loading @@ -172,7 +172,12 @@ variables: # Sonar # template: sonar sonarqube_report=0 if [ -n "${SONAR_URL}" ] && [ -n "${SONAR_AUTH_TOKEN}" ] && [ -n "${DEFECTDOJO_SONARQUBE_PROJECT_KEY}" ] && [ -n "${DEFECTDOJO_SONARQUBE_APPLICATION}" ]; then if [[ "$SONAR_AUTH_TOKEN" ]] && [[ -z "$SONAR_TOKEN" ]] then log_warn '$SONAR_AUTH_TOKEN variable detected: use $SONAR_TOKEN instead (see doc)' export SONAR_TOKEN="$SONAR_AUTH_TOKEN" fi if [ -n "${SONAR_URL}" ] && [ -n "${SONAR_TOKEN}" ] && [ -n "${DEFECTDOJO_SONARQUBE_PROJECT_KEY}" ] && [ -n "${DEFECTDOJO_SONARQUBE_APPLICATION}" ]; then sonar_report="sonar-report.html" log_info "sonar-report will call ${SONAR_URL}/api/issues/search?componentKeys=${DEFECTDOJO_SONARQUBE_PROJECT_KEY}&ps=500&p=1&statuses=OPEN,CONFIRMED,REOPENED&resolutions=&s=STATUS&asc=no&types=VULNERABILITY" sonar-report \ Loading 
@@ -181,7 +186,7 @@ variables: --project="${DEFECTDOJO_SONARQUBE_PROJECT_KEY}" \ --application="${DEFECTDOJO_SONARQUBE_APPLICATION}" \ --branch="${CI_COMMIT_REF_NAME}" \ --sonartoken="${SONAR_AUTH_TOKEN}" \ --sonartoken="${SONAR_TOKEN}" \ --sinceleakperiod="${DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD}" \ --noSecurityHotspot="${DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT}" \ --allbugs="${DEFECTDOJO_SONARQUBE_ALLBUGS}" > "$sonar_report" Loading Loading
README.md +2 −2 Original line number Diff line number Diff line Loading @@ -114,7 +114,7 @@ SonarQube is specific: contrary to other jobs, sonar job does not generate any a In order to launch SonarQube HTML-report generation, the following variables must be set: - SONAR_URL (used by sonar template) - SONAR_AUTH_TOKEN (used by sonar template) - SONAR_TOKEN (used by sonar template) - DEFECTDOJO_SONARQUBE_APPLICATION - DEFECTDOJO_SONARQUBE_PROJECT_KEY Loading @@ -133,7 +133,7 @@ sonar-report \ --project="${DEFECTDOJO_SONARQUBE_PROJECT_KEY}" \ --application="${DEFECTDOJO_SONARQUBE_APPLICATION}" \ --branch="${CI_COMMIT_REF_NAME}" \ --sonartoken="${SONAR_AUTH_TOKEN}" \ --sonartoken="${SONAR_TOKEN}" \ --sinceleakperiod="${DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD}" \ --noSecurityHotspot="${DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT}" \ --allbugs="${DEFECTDOJO_SONARQUBE_ALLBUGS}" > "$sonar_report" Loading
templates/gitlab-ci-defectdojo.yml +7 −2 Original line number Diff line number Diff line Loading @@ -172,7 +172,12 @@ variables: # Sonar # template: sonar sonarqube_report=0 if [ -n "${SONAR_URL}" ] && [ -n "${SONAR_AUTH_TOKEN}" ] && [ -n "${DEFECTDOJO_SONARQUBE_PROJECT_KEY}" ] && [ -n "${DEFECTDOJO_SONARQUBE_APPLICATION}" ]; then if [[ "$SONAR_AUTH_TOKEN" ]] && [[ -z "$SONAR_TOKEN" ]] then log_warn '$SONAR_AUTH_TOKEN variable detected: use $SONAR_TOKEN instead (see doc)' export SONAR_TOKEN="$SONAR_AUTH_TOKEN" fi if [ -n "${SONAR_URL}" ] && [ -n "${SONAR_TOKEN}" ] && [ -n "${DEFECTDOJO_SONARQUBE_PROJECT_KEY}" ] && [ -n "${DEFECTDOJO_SONARQUBE_APPLICATION}" ]; then sonar_report="sonar-report.html" log_info "sonar-report will call ${SONAR_URL}/api/issues/search?componentKeys=${DEFECTDOJO_SONARQUBE_PROJECT_KEY}&ps=500&p=1&statuses=OPEN,CONFIRMED,REOPENED&resolutions=&s=STATUS&asc=no&types=VULNERABILITY" sonar-report \ Loading @@ -181,7 +186,7 @@ variables: --project="${DEFECTDOJO_SONARQUBE_PROJECT_KEY}" \ --application="${DEFECTDOJO_SONARQUBE_APPLICATION}" \ --branch="${CI_COMMIT_REF_NAME}" \ --sonartoken="${SONAR_AUTH_TOKEN}" \ --sonartoken="${SONAR_TOKEN}" \ --sinceleakperiod="${DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD}" \ --noSecurityHotspot="${DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT}" \ --allbugs="${DEFECTDOJO_SONARQUBE_ALLBUGS}" > "$sonar_report" Loading
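Review bot: The added fallback test `if [[ "$SONAR_AUTH_TOKEN" ]] && [[ -z "$SONAR_TOKEN" ]]` uses the bash-only `[[ ]]`, while the condition directly below it uses POSIX `[ -n ... ]`. The interpreter for this script block is not visible in the hunk; under a shell without `[[` (dash, for example) the test would evaluate false, `SONAR_TOKEN` would stay empty, and the job would continue without producing the Sonar report. Writing it as `if [ -n "${SONAR_AUTH_TOKEN}" ] && [ -z "${SONAR_TOKEN}" ]; then` matches the surrounding style and removes that dependency. The single quotes in the `log_warn` line are what keep the token value out of the job log, so a comment such as `# single quotes on purpose: print the variable names, never the token value` would stop a later lint fix (ShellCheck SC2016) from switching them to double quotes. Separately, the second hunk still passes the token as `--sonartoken="${SONAR_TOKEN}"` on the command line, where it can be read from the process list on the runner; whether sonar-report accepts it another way is not shown here.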