...
- Follow the instructions for installing SonarQube at https://docs.sonarqube.org/display/SONAR/Installing+a+Plugin
- Get the plugin from https://github.com/blackducksoftware/hub-sonarqube/releases
- Copy the plugin JAR file to the
extensions/plugins/
directory of your SonarQube installation and then start restart the server. - Configure the sonar-project.properties file with the project name, project version, and source directory.
- Configure the Black Duck SonarQube plugin properties file with the global and project-level properties for the Black Duck SonarQube plugin.
- Run sonar-scanner in the base directory of the project to be scanned with Black Duck SonarQube installed and configured.
Black Duck SonarQube does not perform a Black Duck scan, but instead examines
...
- a previously-scanned Black Duck project, gathers its Black Duck Bill of Materials (BOM) components, and compares the matched files from the Black Duck to the local files.
Requirements
- SonarQube versions 6.7.1 or higher.
- Black Duck Black Duck versions 4.2.0 or higher.
- Java versions 8 or higher.
- Black Duck Signature Scanner.
...