Dependency-Check SonarQube Plugin v1.0.0 Released

Steve Springett

Jul 10, 2015, 2:49:48 PM
to dependen...@googlegroups.com
I’m pleased to announce the immediate availability of OWASP Dependency-Check plugin v1.0.0 for SonarQube. 

The plugin provides quality metrics and visibility into components with known vulnerabilities directly within the SonarQube dashboard. It is compatible with SonarQube v5.1 and higher and works by parsing Dependency-Check XML reports during a Sonar Runner analysis. Results are processed, measured, and metrics saved and visualized for single and multi-module projects alike.

The versioning and release schedule of the SonarQube plugin will vary from other Dependency-Check components, as the plugin does not have a reliance on the Dependency-Check core library.


Sources and info:

Binary:


I’m working with the folks at SonarSource to get integrated into the SonarCommunity ecosystem. It’s the goal that future versions of the plugin can be installable directly within the SonarQube user interface.


—Steve