kauppine

I'm experiencing this same issue. I am using SonarQube 8.9.8 with plugin version 3.0.1 and Dependency-Check 7.1.1 I'm also using Jenkins to analyze .csproj files with NuGet dependencies. It seems...

@Reamer Sure, I would gladly help. Do you have any tips or advice for debugging this plugin? And the problem is that if the pull request introduces new vulnerabilities, they...

I took some look into it and noticed that SonarSource has this item in their backlog: https://portal.productboard.com/sonarsource/3-sonarqube/c/295-new-pull-request-issues-on-unchanged-code It says that "Currently, Pull Request analysis don’t report new issues raised on...

It does not work currently in Jenkins, from Jenkins logs I can the plugin trying to use literal path `C:\jenkins\${WORKSPACE}\dependency-check-report.json` I think the culprit is this method not resolving envs:...

I also stumbled upon this previously and after looking around in the code, I noticed that the file-list only works with containers (zip, clickonce etc.). As a workaround, you could...