Version 1.12.10


Overview

...

For additional version compatibility information, refer to https://docs.sonarqube.org/display/DEV/API+Changes.

Installing the plugin

To install the Black Duck SonarQube plugin, refer to the SonarQube installation procedures for the manual installation steps at https://docs.sonarqube.org/display/SONAR/Installing+a+Plugin
Get the latest releases for the plugin at https://github.com/blackducksoftware/hub-sonarqube/releases

Using the Black Duck SonarQube plugin

When the sonar-scanner is run with Black Duck SonarQube installed and configured, it uses inclusion patterns to collect a list of local binaries and compares them with a Black Duck project version. By default, the plugin attempts to locate a Black Duck project version using the name and version from the SonarQube project being scanned. This can be overridden in the sonar-project.properties file. Note that Black Duck SonarQube does not perform a Black Duck scan. Instead, it examines an already-scanned Black Duck project, gathers its Black Duck Bill of Materials (BOM) components, and compares the matched files from Black Duck to the local files. Metrics are attached to shared components and displayed in the SonarQube UI under Your_project_name > More > Black Duck Security Analysis. The displayed metrics are:

  • Component ratings
  • High, medium, and low security vulnerabilities
  • Number of vulnerable components

...

Release Notes

Version 1.2.0
Resolved issues
  • Resolved an authentication issue with Black Duck.
Changed features
  • Updated plugin to support Black Duck version 2019.12.0 and later.
Version 1.1.1
  • Added compatibility for Black Duck Hub version 4.5.0.
Version 1.1.0
Resolved issues
  • Resolved an issue wherein the page extension may fail if no comparison is performed.
  • Incorporated additional logging during metric creation.
  • Expanded the functionality of the HubServerConfigBuilder's createValidator() property to validate the global configuration before scanning.
  • Previously, invalid inclusion patterns provided by the user may have caused unexpected behavior and/or incorrect file matching. In version 1.1.0, logging is added around its logic. In these cases, invalid patterns are ignored, and a warning is logged.

...

Setting this property could produce the error, "File <FILE_NAME> can't be indexed twice. Please check that inclusion/exclusion patterns produce disjoint sets for main and test files." This means you should explicitly set the properties sonar.inclusions and sonar.exclusions. More information on these properties can be found in the SonarQube Analysis Parameters documentation.

Version 1.0.0
  • The first release of the product.