Add OWASP Dependency-Check integration for SonarQube

- Add sonar.dependencyCheck.jsonReportPath and htmlReportPath to sonar-project.properties
- Add Dependency-Check action scanning composer.lock and package.json
- Generate JSON and HTML reports for SonarQube analysis
- Add to ci.yml sonarqube job and sonarqube.yml workflow

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Serreau Jovann
2026-03-19 14:41:25 +01:00
parent 7474ada434
commit 7cce3a2999
3 changed files with 33 additions and 0 deletions

@@ -11,3 +11,5 @@ sonar.test.inclusions=tests/**/*.php,tests/js/**/*.test.js
sonar.javascript.lcov.reportPaths=coverage/lcov.info
sonar.eslint.reportPaths=eslint-report.json
sonar.docker.hadolint.reportPaths=hadolint-dev.json,hadolint-prod.json
sonar.dependencyCheck.jsonReportPath=dependency-check-report.json
sonar.dependencyCheck.htmlReportPath=dependency-check-report.html
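
Review bot: the two `sonar.dependencyCheck.*` keys added at the end of this hunk are not SonarQube core settings; they are read by the community Dependency-Check plugin, so on a server without that plugin they are ignored and the analysis completes without any dependency findings. Add a comment line above them stating the plugin requirement, so a green SonarQube run is not mistaken for a clean dependency scan. Both values are relative paths resolved against the scanner's project base directory, so the Dependency-Check step has to write `dependency-check-report.json` and `dependency-check-report.html` there under exactly these names and before the scanner starts; the workflow changes are not visible in this hunk, so confirm the output directory and file names match.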