From 8c7af1b0af42580336b46b307fe55a5d15299df8 Mon Sep 17 00:00:00 2001 From: Philipp Dallig Date: Thu, 4 Feb 2021 12:47:13 +0100 Subject: [PATCH 1/3] Remove bintray https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/ --- README.md | 5 ++--- RELEASE.md | 7 +++---- pom.xml | 16 ---------------- 3 files changed, 5 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 0f880835..9eba90ba 100755 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ![Build Status](https://github.com/dependency-check/dependency-check-sonar-plugin/workflows/build/badge.svg?branch=master) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/e9cebd3112ec4252804bba68a5b44071)](https://www.codacy.com/manual/dependency-check/dependency-check-sonar-plugin?utm_source=github.com&utm_medium=referral&utm_content=dependency-check/dependency-check-sonar-plugin&utm_campaign=Badge_Grade) -[![Download](https://api.bintray.com/packages/dependency-check/owasp/sonar-dependency-check/images/download.svg)](https://bintray.com/dependency-check/owasp/sonar-dependency-check/_latestVersion) +[![Download](https://img.shields.io/github/v/release/dependency-check/dependency-check-sonar-plugin)](https://github.com/dependency-check/dependency-check-sonar-plugin/releases/latest) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=dependency-check_dependency-check-sonar-plugin&metric=alert_status)](https://sonarcloud.io/dashboard?id=dependency-check_dependency-check-sonar-plugin) [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=dependency-check_dependency-check-sonar-plugin&metric=coverage)](https://sonarcloud.io/dashboard?id=dependency-check_dependency-check-sonar-plugin) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=dependency-check_dependency-check-sonar-plugin&metric=security_rating)](https://sonarcloud.io/dashboard?id=dependency-check_dependency-check-sonar-plugin) 
@@ -56,7 +56,7 @@ This plugin used the same project setup as [sonar-custom-plugin-example][]. Chec ## Distribution -Ready to use binaries are available from [GitHub][] and [bintray][]. +Ready to use binaries are available from [GitHub][]. ## Plugin version compatibility @@ -144,6 +144,5 @@ Permission to modify and redistribute is granted under the terms of the [LGPLv3] [dependency-check]: https://www.owasp.org/index.php/OWASP_Dependency_Check [sonarqube 5.x]: https://github.com/dependency-check/dependency-check-sonar-plugin/tree/SonarQube_5.x [sonarqube 6.x]: https://github.com/dependency-check/dependency-check-sonar-plugin/tree/SonarQube_6.x -[bintray]: https://bintray.com/dependency-check/owasp/sonar-dependency-check [sonar-custom-plugin-example]: https://github.com/SonarSource/sonar-custom-plugin-example [security-hotspot]: https://docs.sonarqube.org/latest/user-guide/security-hotspots/ diff --git a/RELEASE.md b/RELEASE.md index 684e1665..2bf958cc 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,14 +1,13 @@ # Releasing -## Deploy Release to GitHub and Bintray +## Deploy Release to GitHub -Deployment to GitHub and Bintray should be done automatic. +Deployment to GitHub should be done automatic. ```bash mvn release:prepare release:perform ``` ## Deploy SNAPSHOT to GitHub -Deploy SNAPSHOTs to Bintray is not possible. Therefore we skip bintray, when we deploy manuell to GitHub. ```bash -mvn clean deploy -Pskip-bintray +mvn clean deploy ``` diff --git a/pom.xml b/pom.xml index ce223bd3..17717cb6 100755 --- a/pom.xml +++ b/pom.xml @@ -68,14 +68,6 @@ https://travis-ci.org/dependency-check/dependency-check-sonar-plugin - - - bintray-dependency-check-owasp - dependency-check-owasp - https://api.bintray.com/maven/dependency-check/owasp/sonar-dependency-check/;publish=1 - - - sonar-dependency-check-plugin @@ -145,12 +137,4 @@ - - - skip-bintray - - true - - - From 87d0fa41af9eda3a437ea005a705cfb932c0fe27 Mon Sep 17 00:00:00 2001 
From: Philipp Dallig Date: Thu, 4 Feb 2021 12:47:26 +0100 Subject: [PATCH 2/3] Readme improvements --- README.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 9eba90ba..031b86ea 100755 --- a/README.md +++ b/README.md 
@@ -1,12 +1,13 @@ +# Dependency-Check Plugin for SonarQube 7.x and 8.x + ![Build Status](https://github.com/dependency-check/dependency-check-sonar-plugin/workflows/build/badge.svg?branch=master) -[![Codacy Badge](https://api.codacy.com/project/badge/Grade/e9cebd3112ec4252804bba68a5b44071)](https://www.codacy.com/manual/dependency-check/dependency-check-sonar-plugin?utm_source=github.com&utm_medium=referral&utm_content=dependency-check/dependency-check-sonar-plugin&utm_campaign=Badge_Grade) +[![Codacy Badge](https://api.codacy.com/project/badge/Grade/e9cebd3112ec4252804bba68a5b44071)](https://www.codacy.com/manual/dependency-check/dependency-check-sonar-plugin?utm_source=github.com&utm_medium=referral&utm_content=dependency-check/dependency-check-sonar-plugin&utm_campaign=Badge_Grade) [![Download](https://img.shields.io/github/v/release/dependency-check/dependency-check-sonar-plugin)](https://github.com/dependency-check/dependency-check-sonar-plugin/releases/latest) +![Downloads](https://img.shields.io/github/downloads/dependency-check/dependency-check-sonar-plugin/total) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=dependency-check_dependency-check-sonar-plugin&metric=alert_status)](https://sonarcloud.io/dashboard?id=dependency-check_dependency-check-sonar-plugin) [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=dependency-check_dependency-check-sonar-plugin&metric=coverage)](https://sonarcloud.io/dashboard?id=dependency-check_dependency-check-sonar-plugin) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=dependency-check_dependency-check-sonar-plugin&metric=security_rating)](https://sonarcloud.io/dashboard?id=dependency-check_dependency-check-sonar-plugin) -# Dependency-Check Plugin for SonarQube 7.x and 8.x - Integrates [Dependency-Check][] reports into SonarQube v7.9 or higher. The project will try to backport all code from master branch to last supported LTS. 
Please see the [SonarQube 6.x][] or [SonarQube 5.x][] branch for old supported version. @@ -62,12 +63,12 @@ Ready to use binaries are available from [GitHub][]. Please use the newest minor version. Keep in mind, that SonarQube 5.6 LTS and SonarQube 6.7 LTS are not supported anymore. -| Plugin Version | SonarQube version | -|-----------------|--------------------------| -| 2.0.6 and up | SonarQube 7.9 LTS and up | -| 1.2.x - 2.0.5 | SonarQube 7.6 and up | -| 1.1.x | SonarQube 6.7 LTS | -| 1.0.3 | SonarQube 5.6 LTS | +| Plugin Version | SonarQube version | +| -------------- | ------------------------ | +| 2.0.6 and up | SonarQube 7.9 LTS and up | +| 1.2.x - 2.0.5 | SonarQube 7.6 and up | +| 1.1.x | SonarQube 6.7 LTS | +| 1.0.3 | SonarQube 5.6 LTS | ## Installation @@ -89,7 +90,7 @@ sonar.dependencyCheck.htmlReportPath=${WORKSPACE}/dependency-check-report.html In this example, all supported reports (JSON, XML and HTML) are specified. This plugin prefers the JSON over the XML report. At the moment the XML report isn't deprecated, but that might be an option in future. Only the JSON/XML report is required, however, if the HTML report is also available, it greatly enhances the usability of the SonarQube plugin by incorporating the actual Dependency-Check HTML report in the SonarQube project. -This plugin tries to add SonarQube issues to your project configuration files (e.g. pom.xml, *.gradle, package-json.lock). Please make sure, that these files are part of `sonar.sources`. +This plugin tries to add SonarQube issues to your project configuration files (e.g. pom.xml, \*.gradle, package-json.lock). Please make sure, that these files are part of `sonar.sources`. To configure the severity of the created issues you can optionally specify the minimum score for each severity with the following parameter. Specify a score of `-1` to completely disable a severity. 
@@ -124,6 +125,7 @@ sonar.dependencyCheck.securityHotspot=false (default) ## Ecosystem Dependency-Check is available as a: + - Command-line utility - Ant Task - Gradle Plugin From 61997ba8e09c3ee9c323c5f6250657e712b4a52b Mon Sep 17 00:00:00 2001 From: Philipp Dallig Date: Thu, 4 Feb 2021 13:23:33 +0100 Subject: [PATCH 3/3] migrate codacy --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 031b86ea..65299c43 100755 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Dependency-Check Plugin for SonarQube 7.x and 8.x ![Build Status](https://github.com/dependency-check/dependency-check-sonar-plugin/workflows/build/badge.svg?branch=master) -[![Codacy Badge](https://api.codacy.com/project/badge/Grade/e9cebd3112ec4252804bba68a5b44071)](https://www.codacy.com/manual/dependency-check/dependency-check-sonar-plugin?utm_source=github.com&utm_medium=referral&utm_content=dependency-check/dependency-check-sonar-plugin&utm_campaign=Badge_Grade) +[![Codacy Badge](https://app.codacy.com/project/badge/Grade/e9cebd3112ec4252804bba68a5b44071)](https://www.codacy.com/gh/dependency-check/dependency-check-sonar-plugin/dashboard?utm_source=github.com&utm_medium=referral&utm_content=dependency-check/dependency-check-sonar-plugin&utm_campaign=Badge_Grade) [![Download](https://img.shields.io/github/v/release/dependency-check/dependency-check-sonar-plugin)](https://github.com/dependency-check/dependency-check-sonar-plugin/releases/latest) ![Downloads](https://img.shields.io/github/downloads/dependency-check/dependency-check-sonar-plugin/total) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=dependency-check_dependency-check-sonar-plugin&metric=alert_status)](https://sonarcloud.io/dashboard?id=dependency-check_dependency-check-sonar-plugin)
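Review bot: PATCH 1/3, RELEASE.md hunk `@@ -1,14 +1,13 @@`: the rewritten line "Deployment to GitHub should be done automatic." should read "automatically", and after dropping the Bintray sentence the "## Deploy SNAPSHOT to GitHub" section goes straight from the heading into the fence with no explanation. Add one sentence stating where `mvn clean deploy` now publishes the SNAPSHOT, so the section still documents the target rather than only the command.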
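Review bot: PATCH 1/3, pom.xml hunk `@@ -68,14 +68,6 @@` and `@@ -145,12 +137,4 @@`: removing the `bintray-dependency-check-owasp` distribution repository (`https://api.bintray.com/maven/dependency-check/owasp/sonar-dependency-check/;publish=1`) leaves no deploy target visible in this diff, while RELEASE.md still documents `mvn clean deploy` and `mvn release:prepare release:perform`. Please confirm a GitHub distribution repository remains elsewhere in pom.xml, otherwise the deploy goal has nowhere to publish. Since the `skip-bintray` profile id is also gone, any CI script or release job still passing `-Pskip-bintray` should be updated; Maven only warns about a profile that does not exist, so this would otherwise go unnoticed until someone reads the build log.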
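Review bot: PATCH 2/3, README.md hunk `@@ -1,12 +1,13 @@`: the new `![Downloads](https://img.shields.io/github/downloads/dependency-check/dependency-check-sonar-plugin/total)` badge is a bare image, whereas every neighbouring badge is wrapped in a link. For consistency wrap it in `[...](https://github.com/dependency-check/dependency-check-sonar-plugin/releases)` so clicking it leads to the releases page like the Download badge beside it.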
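Review bot: PATCH 2/3, README.md hunk `@@ -89,7 +90,7 @@`: since this line is being touched for the `\*.gradle` escape, also fix `package-json.lock`, which is not an npm file name; the lock file the plugin would report against is `package-lock.json`. The comma in "Please make sure, that these files" should be dropped as well ("Please make sure that these files are part of `sonar.sources`."), since a user grepping for the correct lock-file name will otherwise not find this sentence.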