No HTML-Report found. Please check property sonar.dependencyCheck.htmlReportPath error in Sonarqube UI when using dependency-check plugin #1013

Closed
Krishpluto opened this issue Oct 25, 2024 · 5 comments
Labels
bug lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Krishpluto commented Oct 25, 2024

Describe the bug
In Gitlab, we are currently working on integrating our project with SonarQube. Our gitlab project has been set up and integrated with the Sonarqube community edition. However, when the dependency check is run from the yaml file, the Dependency check plugin does not display the report in Sonarqube. Instead, it shows the message "No HTML-Report found. Please check property sonar.dependencyCheck.htmlReportPath," despite the correct path being set up in our script files. We are seeking guidance on how to correctly set up the integration, in case it was done incorrectly, as we haven't found suitable setup examples. We would appreciate advice on how to proceed.

Current behavior
Error is showing in the place of dependency report "No HTML-Report found. Please check property sonar.dependencyCheck.htmlReportPath"

Expected behavior
Dependency report should display in the SonarQube

Versions (please complete the following information):

  • sonarqube - 10.6
  • dependency-check-sonar-plugin - 5.0.0

Additional context
Please find the Sonar related part in Gitlab yml file below:

sonarqube:
  # allow_failure: true
  variables:
    SONAR_USER_HOME:
      value: "${CI_PROJECT_DIR}/.sonar"
  rules:
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_COMMIT_REF_NAME

sonarqube-vulnerability-report-merge-requests:
  stage: test-report
  image:
    name: node:lts
  before_script:
    - npm install -g sonar-report
  script:
    - sonar-report
      --sonarurl $SONAR_HOST_URL
      --sonartoken $SONAR_TOKEN
      --project="Sonar Report"
      --application $SONAR_PROJECT_KEY
      --release $CI_COMMIT_SHA
      --pullrequest $CI_MERGE_REQUEST_ID
      --sonarcomponent $SONAR_PROJECT_KEY
      --allbugs
      --no-security-hotspot
      --output="sonar-report_sonar-report.html"
  artifacts:
    name: "sonar-report"
    paths:
      - sonar-report_sonar-report.html
    expire_in: 1 Day
    expose_as: "Vulnerability Report"
  allow_failure: true
  rules:
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_COMMIT_REF_NAME

sonar-projects.properties file:

sonar.projectKey=*****
sonar.projectName=*****
sonar.verbose=false
sonar.host.url=******
sonar.links.homepage=******
sonar.links.scm=*******
sonar.links.ci=******

sonar.dependencyCheck.htmlReportPath=sonar-report_sonar-report.html
sonar.dependencyCheck.jsonReportPath=sonar-report_sonar-report.json
sonar.dependencyCheck.severity.blocker=6.0
sonar.dependencyCheck.severity.critical=4.0
sonar.dependencyCheck.severity.major=2.0
sonar.dependencyCheck.severity.minor=0.0

sonar.dependencyCheck.securityHotspot=true

sonar.shellcheck.reportPath=shellcheck-report.json
sonar.python.version=3.10
sonar.python.coverage.reportPaths=coverage.xml

sonar.dockerfile.dockerfilePaths=Dockerfile

sonar.qualitygate.wait=true
sonar.qualitygate.timeout=300

@Krishpluto Krishpluto added the bug label Oct 25, 2024
Reamer commented Dec 5, 2024

The path is usually set incorrectly. Take a look at the debug log output of the SonarQube agent/plugin.

@Gh0stR0ck

> The path is usually set incorrectly. Take a look at the debug log output of the SonarQube agent/plugin.

I'm having the same problem. I have that normal ${WORKSPACE}/dependency-check-report.json as path. I also cannot find the plugin map in the agent directory.

mbialas commented Jan 14, 2025

I would have assumed this plugin would generate a report, so I'm confused by these errors:

Dependency-Check JSON report does not exists. Please check property sonar.dependencyCheck.jsonReportPath:/Users/myuser/projects/test-repo/dependency-check-report.json

Dependency-Check HTML report does not exists. Please check property sonar.dependencyCheck.htmlReportPath:/Users/myuser/projects/test-repo/dependency-check-report.html

I can create those files in my project:
touch dependency-check-report.json
touch dependency-check-report.html

And that stops the errors, but there are still no file contents -- they remain blank after it runs.

Reamer commented Jan 15, 2025

Please read the Readme.md

This SonarQube plugin does not perform analysis, rather, it reads existing Dependency-Check reports.
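
A pre-scan check for the failure modes raised in this thread (a report path that does not resolve, report files created with `touch`, a JSON file that is not Dependency-Check output), as an added example that is not code from the plugin or from any commenter. It assumes relative report paths resolve against the directory holding the properties file and that a Dependency-Check JSON report carries top-level `scanInfo` and `dependencies` keys; `read_properties`, `check_reports` and `demo` are hypothetical names, and the project in `demo` is constructed.

```python
import json
import tempfile
from pathlib import Path

REPORT_KEYS = tuple(f"sonar.dependencyCheck.{k}ReportPath" for k in ("html", "json"))

def read_properties(path):  # key=value lines; skips blank lines and comments
    props = {}
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_reports(properties_file):
    """Return a list of problems; an empty list means the reports look usable."""
    base = Path(properties_file).resolve().parent  # assumption: scanner runs here
    problems = []
    for key, value in read_properties(properties_file).items():
        if key not in REPORT_KEYS:
            continue
        report = base / value  # an absolute value replaces base
        if not report.is_file():
            problems.append(f"{key}: {report} does not exist")
        elif report.stat().st_size == 0:
            problems.append(f"{key}: {report} is empty (created with touch?)")
        elif key.endswith("jsonReportPath"):
            try:
                data = json.loads(report.read_text(encoding="utf-8"))
            except ValueError:
                data = None
            # Assumption: Dependency-Check JSON has these top-level keys.
            if not isinstance(data, dict) or not {"scanInfo", "dependencies"} <= set(data):
                problems.append(f"{key}: {report} is not a Dependency-Check report")
    return problems

def demo():
    """Constructed project: HTML report missing, JSON report created with touch."""
    with tempfile.TemporaryDirectory() as tmp:
        props = Path(tmp) / "sonar-project.properties"
        props.write_text(
            "sonar.dependencyCheck.htmlReportPath=dependency-check-report.html\n"
            "sonar.dependencyCheck.jsonReportPath=dependency-check-report.json\n")
        (Path(tmp) / "dependency-check-report.json").touch()
        return check_reports(props)

if __name__ == "__main__":
    print("\n".join(demo()) or "reports look usable")
```

Running this in the CI job before the scanner step, and failing the job on a non-empty result, surfaces a missing or empty report in the pipeline log instead of in the SonarQube UI.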

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 17, 2025
@Reamer Reamer closed this as completed Mar 25, 2025