---
layout: page
title: bitegarden Dependency Check for SonarCloud
description: This product will allow you to import the information from your Dependency Check to your SonarCloud instance
permalink: /sonarcloud-dependency-check
trial: /sonarcloud-dependency-check-trial-form
---
<section id="global-header-product">
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="block">
<h1>Dependency Check for SonarCloud</h1>
<p>Sync Dependency Check information with your SonarCloud </p>
<a class="btn btn-default fancybox price-button" href="#product-block-center" style="padding:10px 30px">TRY NOW</a> <a href="#product-block-center" style="padding:10px 30px" class="btn btn-primary fancybox">BUY NOW</a>
</div>
</div>
</div>
</div>
</section>
<div style="padding: 40px 0"></div>
<section id="main-feature">
<div class="container">
<div class="row">
<div class="col-md-6 col-sm-12">
<div class="block">
<div class="section-title">
<h3>Sync Dependency Check analysis with your SonarCloud</h3>
<hr>
<p>Want to import useful Dependency Check information to your SonarCloud instance?</p>
</div>
<p><strong>bitegarden Dependency Check for SonarCloud</strong> is what you need.
<br>
<br>
Thanks to this bitegarden product you can convert the information registered in Dependency Check and import it to SonarCloud.
<br>
<br>
Now you can have the complete analysis of your code in one place, centralizing the information and making it easier to develop high-quality, secure code. </p>
<p class="center-text">
<br>
<a class="btn btn-default btn-call-to-action fancybox" href="">TRY IT FREE</a>
<a class="btn btn-primary btn-call-to-action fancybox" referrerpolicy="unsafe-url"
href="">BUY NOW</a>
</p>
</div>
</div><!-- .col-md-6 close -->
<div class="col-md-6 col-sm-12">
<div class="block">
<img width="100%" src="img/sonarcloud-dependency-check/sonarcloud-dependency-check-logo.png" alt="Dependency Check for SonarCloud" />
</div>
</div><!-- .col-md-6 close -->
</div>
</div>
</section>
<div style="padding: 40px 0"></div>
<section id="feature-description">
<div class="container">
<div class="row">
<div class="col-md-6 col-sm-12">
<div class="block">
<div>
<h3>Features</h3>
<hr>
</div>
<p>Currently SonarCloud does not support the <strong>Dependency Check</strong> solution.
So if you want to use it, the only option is to use SonarQube.
<br>
<br>
However, thanks to our <strong>bitegarden Dependency Check for SonarCloud</strong>
you can use it in your SonarCloud instance. All you have to do is:
<br>
<br>
- <strong>Analyze your projects with Dependency Check</strong> as you have always done. <br><br>
- Use our product to <strong>convert the</strong> file that Dependency Check generates (JSON or XML) to the format
required by SonarCloud.<br><br>
- <strong>Import it to SonarCloud</strong> and check for vulnerabilities without leaving your instance. <br><br>
The documentation below explains how to import vulnerabilities into your SonarCloud analysis by including the
generated file through the <strong>sonar.externalIssuesReportPaths</strong> parameter.
<br>
<br>
<a href="https://docs.sonarsource.com/sonarcloud/enriching/generic-issue-data/#import">Access the documentation here.</a>
<br>
<br>
</p>
</div>
</div><!-- .col-md-6 close -->
<div class="col-md-6 col-sm-12">
<div class="block">
<img width="100%" src="/img/sonarcloud-dependency-check/sonarcloud-dependency-check-trial-issues.png" alt="Issues SonarCloud" />
</div>
</div><!-- .col-md-6 close -->
</div>
</div>
</section>
<section id="usage">
<div class="container">
<div class="row">
<div class="col-md-12 col-sm-12">
<div class="block">
<div>
<h3>First steps</h3>
<hr>
</div>
<p>
<strong>bitegarden Dependency Check for SonarCloud™</strong> requires Java 8 or higher.
</p>
<br/>
<h4>Quick Guide: generate a file with the vulnerabilities from a Dependency Check report for your SonarCloud&trade; project</h4>
<br/>
<p>
Once you’ve <a href="sonarcloud-dependency-check-trial-form">downloaded</a> the product, you will have a self-executable "jar" file.
</p>
<p>
Simply place it in your file system and run the jar with the "--help" option to see all available options:
<pre>java -jar bitegarden-dependency-check-for-sonarcloud.jar --help</pre>
</p>
<p>
The result should show you all available options:
</p>
<p>
<pre>...
bitegarden Dependency Check for SonarCloud (1.0). Copyright (C) 2024 bitegarden. All rights reserved. www.bitegarden.com
Loading properties from command line (-Dname=value)... if found, it will override configuration file properties
No configuration found.
bitegarden Dependency Check for SonarCloud. Command Line usage:
java -Dconfig.file=PATH_TO_CONFIG_FILE -Dlicense.file=PATH_TO_LICENSE_FILE ... -jar bitegarden-dependency-check-for-sonarcloud-1.0.jar
config.file = path to properties file including all the parameters required to generate the reports.
This is optional. You can set all the properties through command line args using -DpropertyName=propertyValue
Note that if you use a config file and command line arguments, arguments will override config file
license.file = path to file with your license key provided by bitegarden.
By default a 14 days trial version will be used if license file is not provided
Mandatory properties:
dependency.check.file = path to Dependency-Check file. Compatible formats (JSON and XML)
sonar.organizationKey = your organization key used to create license.
Optional properties:
vulnerabilities.file.path = path to project file to add new vulnerabilities in SonarCloud
output = File name for the generated report (Without .json extension)
...</pre></p>
<p>
All properties can be provided through the command line as system arguments using "-D" or through a
custom configuration file.
</p>
<p>
If you use a custom configuration file, you must run the application with the argument "-Dconfig.file", providing the path to the
properties file that holds your configuration:
<pre>java <strong> -Dconfig.file=config.properties </strong> -jar bitegarden-dependency-check-for-sonarcloud.jar --help</pre>
</p>
<p>
If you prefer you can pass all options through the command line with "-D":
<pre>java <strong> -Ddependency.check.file=vulnerabilities.json</strong> -Dsonar.organizationKey=bitegarden -jar bitegarden-dependency-check-for-sonarcloud.jar --help</pre>
</p>
<p>
If an option is defined in both places (in the configuration file and as a command line argument), the value provided on the command line will be used.
This way you can have a common configuration file with shared properties (such as sonar.organizationKey) and then simply use the arguments
for specific options such as "dependency.check.file", for example.
</p>
</div>
<div>
<h3>Using license key</h3>
<hr>
</div>
<p>
By default, when you download the product you can use it for 14 days in evaluation mode.
Once the evaluation is complete, you will need to purchase the product and obtain a valid license key.
The license key is provided in a text file. To use this license file you must set
the "license.file" property with the path to the license file in your configuration file (or via a command line argument).
The license is tied to your organization’s key.
Here’s an example to generate a report using a product license via a command line argument:
<pre>java -Dconfig.file=config.properties -Dlicense.file=PATH_TO_LICENSE_FILE -jar bitegarden-dependency-check-for-sonarcloud.jar --help</pre>
</p>
<div>
<div>
<h3>Support and resolution of problems</h3>
<hr>
</div>
<p>
If you have any problems please create a support request on our
<a target="_blank" href="https://bitegarden.atlassian.net/servicedesk/customer/portal/1">support center</a> and
we will be happy to help you find a solution.
</p>
<a class="btn btn-default btn-call-to-action fancybox" href="https://bitegarden.atlassian.net/servicedesk/customer/portal/1">Request support</a>
</div><!-- .col-md-6 close -->
</div>
</div>
</section>
<div style="padding: 40px 0"></div>
<section id="product-block-center">
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="block">
<h2>Get your Dependency Check for SonarCloud right now!</h2><br><br>
</div>
</div>
</div>
<div class="row">
<div class="col-md-2">
</div>
<div class="col-md-3" style="width: 34%!important;">
<div class="mod modPriceBox ">
<div class="info" style="padding-top: 30px">
<h3 style="color:#000; text-transform: uppercase;">Free Trial</h3>
<p class="desc"></p>
<p class="price">
<span class="number">Evaluation license</span>
</p>
</div>
<div class="features">
<ul>
<li class="">14 days evaluation license</li>
<li class="even">After submitting the form your download will start including an embedded trial key</li>
</ul>
</div>
<div>
<a class="btn btn-default fancybox price-button" href="/sonarcloud-dependency-check-trial-form" style="text-transform: uppercase;">Download and Try</a>
</div>
</div>
</div>
<div class="col-md-2">
</div>
<div class="col-md-3" style="width: 34%!important;">
<div class="mod modPriceBox featured">
<div class="info" style="padding-top: 30px">
<h3 style="color:#000; text-transform: uppercase;">Buy License</h3>
<p class="desc"></p>
<p class="price">
<span class="number">450 €/year</span>
</p>
</div>
<div class="features">
<ul>
<li class="">Per SonarCloud organization</li>
<li class="even">Includes upgrades and support.</li>
<li class="">When you purchase the product you agree to the <a
href="{{ site.baseurl }}/pdf/bitegarden-terms-and-conditions.pdf">terms and conditions</a>.
</li>
<li class="even">Don't forget to include your email. We will send the license to that email.</li>
</ul>
</div>
<div id="payment-options">
<p style="color:#000;text-transform: uppercase;font-size:16px;font-weight: bold;">Payment method</p>
<p>
<a class="btn btn-primary fancybox" referrerpolicy="unsafe-url"
href="{{ site.paypal.backendUrl }}?pluginKey=bitegarden-dependency-check-for-sonarcloud&platform=sonarcloud" target="_blank" style="padding:10px 30px;">CREDIT CARD OR PAYPAL</a>
</p>
<p>
<a href="/bank-transfer-request" class="btn btn-primary fancybox" style="padding:10px 60px;">BANK TRANSFER</a>
</p>
</div>
</div>
</div>
<div class="col-md-2">
</div>
</div>
</div>
</section>