{"id":13815999,"url":"https://github.com/dependency-check/dependency-check-sonar-plugin","last_synced_at":"2026-02-22T05:36:52.430Z","repository":{"id":25706521,"uuid":"29143201","full_name":"dependency-check/dependency-check-sonar-plugin","owner":"dependency-check","description":"Integrates Dependency-Check reports into SonarQube","archived":false,"fork":false,"pushed_at":"2025-10-20T09:24:48.000Z","size":7317,"stargazers_count":681,"open_issues_count":19,"forks_count":145,"subscribers_count":18,"default_branch":"master","last_synced_at":"2026-01-17T14:49:05.157Z","etag":null,"topics":["appsec","component-analysis","nvd","owasp","security","software-security","sonar-plugin","sonarqube","visibility","vulnerabilities","vulnerable-components"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dependency-check.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-01-12T15:56:34.000Z","updated_at":"2026-01-16T20:08:08.000Z","dependencies_parsed_at":"2023-02-19T05:46:10.326Z","dependency_job_id":"eb459440-e9c4-4599-8f27-3a7a704f081e","html_url":"https://github.com/dependency-check/dependency-check-sonar-plugin","commit_stats":null,"previous_names":["stevespringett/dependency-check-sonar-plugin"],"tags_count":36,"template":false,"template_full_name":null,"purl":"pkg:github/dependency-check/dependency-check-sonar-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dependency-check%2Fdependency-check-sonar-plugin","tags_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dependency-check%2Fdependency-check-sonar-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dependency-check%2Fdependency-check-sonar-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dependency-check%2Fdependency-check-sonar-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dependency-check","download_url":"https://codeload.github.com/dependency-check/dependency-check-sonar-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dependency-check%2Fdependency-check-sonar-plugin/sbom","scorecard":{"id":334888,"data":{"date":"2025-08-11","repo":{"name":"github.com/dependency-check/dependency-check-sonar-plugin","commit":"2d94dcddb9ea9de9a96fd88a7fd135c8d1cfff07"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Code-Review","score":0,"reason":"Found 1/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"19 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and 
uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-drafter.yml:14","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/release-drafter.yml:15","Warn: no topLevel permission defined: .github/workflows/release-drafter.yml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Warn: no topLevel permission defined: .github/workflows/testing.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not 
detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/dependency-check/dependency-check-sonar-plugin/release-drafter.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/dependency-check/dependency-check-sonar-plugin/stale.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/dependency-check/dependency-check-sonar-plugin/testing.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:23: update your workflow using 
https://app.stepsecurity.io/secureworkflow/dependency-check/dependency-check-sonar-plugin/testing.yml/master?enable=pin","Warn: containerImage not pinned by hash: examples/multi-project-csproj/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/dotnet/sdk:6.0 to mcr.microsoft.com/dotnet/sdk:6.0@sha256:c8fdd06e430de9f4ddd066b475ea350d771f341b77dd5ff4c2fafa748e3f2ef2","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 5.0.0 not signed: https://api.github.com/repos/dependency-check/dependency-check-sonar-plugin/releases/134060037","Warn: release artifact 4.0.1 not signed: https://api.github.com/repos/dependency-check/dependency-check-sonar-plugin/releases/109108933","Warn: release artifact 4.0.0 not signed: https://api.github.com/repos/dependency-check/dependency-check-sonar-plugin/releases/96340718","Warn: release artifact 3.1.0 not signed: https://api.github.com/repos/dependency-check/dependency-check-sonar-plugin/releases/61257551","Warn: release artifact 3.0.1 not signed: https://api.github.com/repos/dependency-check/dependency-check-sonar-plugin/releases/60362887","Warn: release artifact 5.0.0 does not have provenance: https://api.github.com/repos/dependency-check/dependency-check-sonar-plugin/releases/134060037","Warn: release artifact 4.0.1 does not have provenance: https://api.github.com/repos/dependency-check/dependency-check-sonar-plugin/releases/109108933","Warn: release artifact 4.0.0 does not have provenance: 
https://api.github.com/repos/dependency-check/dependency-check-sonar-plugin/releases/96340718","Warn: release artifact 3.1.0 does not have provenance: https://api.github.com/repos/dependency-check/dependency-check-sonar-plugin/releases/61257551","Warn: release artifact 3.0.1 does not have provenance: https://api.github.com/repos/dependency-check/dependency-check-sonar-plugin/releases/60362887"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":10,"reason":"SAST tool detected","details":["Info: SAST configuration detected: Sonar","Info: SAST configuration detected: Sonar","Warn: 12 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"50 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-6phf-73q6-gh87","Warn: Project is vulnerable to: GHSA-wxr5-93ph-8wr9","Warn: Project is vulnerable to: GHSA-6hgm-866r-3cjv","Warn: Project is vulnerable to: GHSA-fjq5-5j5f-mvxh","Warn: Project is vulnerable to: GHSA-7x9j-7223-rg5m","Warn: Project is vulnerable to: GHSA-fvm3-cfvj-gxqq","Warn: Project is vulnerable to: GHSA-hfrx-6qgj-fp6c","Warn: Project is vulnerable to: GHSA-qx6h-9567-5fqw","Warn: Project is 
vulnerable to: GHSA-vm69-474v-7q2w","Warn: Project is vulnerable to: GHSA-vv7r-c36w-3prj","Warn: Project is vulnerable to: GHSA-xx68-jfcg-xmmf","Warn: Project is vulnerable to: GHSA-7qwv-cwgj-c8rj","Warn: Project is vulnerable to: GHSA-9848-v244-962p","Warn: Project is vulnerable to: GHSA-p3vw-fvwx-qcv5","Warn: Project is vulnerable to: GHSA-vf8g-mpmw-qv87","Warn: Project is vulnerable to: GHSA-wcgx-2hvx-5cwr","Warn: Project is vulnerable to: GHSA-9339-86wc-4qgf","Warn: Project is vulnerable to: GHSA-rc2w-r4jq-7pfx","Warn: Project is vulnerable to: GHSA-2qrg-x229-3v8q","Warn: Project is vulnerable to: GHSA-65fg-84f6-3jq3","Warn: Project is vulnerable to: GHSA-f7vh-qwp3-x37m","Warn: Project is vulnerable to: GHSA-fp5r-v3w9-4333","Warn: Project is vulnerable to: GHSA-w9p3-5cr8-m3jj","Warn: Project is vulnerable to: GHSA-78wr-2p64-hpwj","Warn: Project is vulnerable to: GHSA-gwrp-pvrq-jmwv","Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx","Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-rmxg-73gg-4p98","Warn: Project is vulnerable to: GHSA-6c3j-c64m-qhgq","Warn: Project is vulnerable to: GHSA-gxr4-xjj5-5px2","Warn: Project is vulnerable to: GHSA-jpcq-cgw6-v4j6","Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp","Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574","Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-28xh-wpgr-7fm8","Warn: Project is vulnerable to: GHSA-j44m-qm6p-hp7m","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is 
vulnerable to: GHSA-r628-mhmh-qjhw","Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T04:29:04.537Z","repository_id":25706521,"created_at":"2025-08-18T04:29:04.537Z","updated_at":"2025-08-18T04:29:04.537Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29705536,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-22T03:17:42.375Z","status":"ssl_error","status_checked_at":"2026-02-22T03:17:31.622Z","response_time":110,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","component-analysis","nvd","owasp","security","software-security","sonar-plugin","sonarqube","visibility","vulnerabilities","vulnerable-components"],"created_at":"2024-08-04T05:00:30.656Z","updated_at":"2026-02-22T05:36:52.400Z","avatar_url":"https://github.com/dependency-check.png","language":"Java","readme":"# Dependency-Check Plugin for SonarQube 10.2 or higher\n\n![Build 
Status](https://github.com/dependency-check/dependency-check-sonar-plugin/actions/workflows/testing.yml/badge.svg?branch=master)\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/e9cebd3112ec4252804bba68a5b44071)](https://www.codacy.com/gh/dependency-check/dependency-check-sonar-plugin/dashboard?utm_source=github.com\u0026amp;utm_medium=referral\u0026amp;utm_content=dependency-check/dependency-check-sonar-plugin\u0026amp;utm_campaign=Badge_Grade)\n[![Download](https://img.shields.io/github/v/release/dependency-check/dependency-check-sonar-plugin)](https://github.com/dependency-check/dependency-check-sonar-plugin/releases/latest)\n![Downloads](https://img.shields.io/github/downloads/dependency-check/dependency-check-sonar-plugin/total)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=dependency-check_dependency-check-sonar-plugin\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=dependency-check_dependency-check-sonar-plugin)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=dependency-check_dependency-check-sonar-plugin\u0026metric=coverage)](https://sonarcloud.io/dashboard?id=dependency-check_dependency-check-sonar-plugin)\n[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=dependency-check_dependency-check-sonar-plugin\u0026metric=security_rating)](https://sonarcloud.io/dashboard?id=dependency-check_dependency-check-sonar-plugin)\n\nIntegrates [Dependency-Check][] reports into SonarQube v10.2 or higher.\n\nThe project will try to backport all code from the master branch to the last supported LTS. Please see the [SonarQube 6.x][] or [SonarQube 7.x][] branch for older supported versions.\n\n## About Dependency-Check\n\nDependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. 
If found, it will generate a report linking to the associated CVE entries.\n\nDependency-Check supports the identification of project dependencies in a number of different languages including Java, .NET, Node.js, Ruby, and Python.\n\n## Note\n\n**This SonarQube plugin does not perform analysis**; rather, it reads existing Dependency-Check reports. Use one of the other available methods to scan project dependencies and generate the necessary JSON report, which can then be consumed by this plugin. Refer to the [Dependency-Check project](https://github.com/jeremylong/DependencyCheck) for relevant [documentation](https://jeremylong.github.io/DependencyCheck/).\n\n## Metrics\n\nThe plugin keeps track of a number of statistics including:\n\n-   Total number of dependencies scanned\n-   Total number of vulnerabilities found across all dependencies\n-   Total number of vulnerable components\n-   Total number of critical, high, medium, and low severity vulnerabilities\n\nAdditionally, the following two metrics are defined:\n\n### Inherited Risk Score (IRS)\n\n```java\n (high * 5) + (medium * 3) + (low * 1)\n```\n\nThe IRS is simply a weighted measurement of the vulnerabilities inherited by the application through the use of vulnerable components. It does not measure the application's actual risk due to those components. The higher the score, the more risk the application inherits.\n\n### Vulnerable Component Ratio\n\n(vulnerabilities / vulnerableComponents)\n\nThis is simply a measurement of the number of vulnerabilities to the vulnerable components (as a percentage). A higher percentage indicates that a large number of components contain vulnerabilities. 
Lower percentages are better.\n\n## Compiling\n\n\u003e $ mvn clean package\n\n### Working with NodeJS\n\n-   Start SonarQube Server\n-   Run `npm start` inside `sonar-dependency-check-plugin`\n    -   Adjust `DEFAULT_PORT`, `PROXY_URL`, `PROXY_CONTEXT_PATH` for your environment\n\n## Distribution\n\nReady-to-use binaries are available from [GitHub][].\n\n## Plugin version compatibility\n\nPlease use the newest version. Please keep in mind that this plugin only supports the latest SonarQube LTS version and the latest non-LTS SonarQube version.\n\n| Plugin Version | SonarQube version           |\n|----------------|-----------------------------|\n| 5.0.0 and up   | SonarQube 10.2 and up       |\n| 4.0.0 - 4.0.1  | SonarQube 9.9 LTS - 10.2    |\n| 3.0.0 - 3.1.0  | SonarQube 8.9 LTS - 9.9 LTS |\n| 2.0.6 - 2.0.8  | SonarQube 7.9 LTS - 8.9 LTS |\n| 1.2.x - 2.0.5  | SonarQube 7.6 - 7.9 LTS     |\n| 1.1.x          | SonarQube 6.7 LTS           |\n| 1.0.3          | SonarQube 5.6 LTS           |\n\n## Installation\n\nCopy the plugin (jar file) to $SONAR_INSTALL_DIR/extensions/plugins and restart SonarQube or install via SonarQube Marketplace.\n\n## Using\n\nCreate aggregate reports with Dependency-Check. Dependency-Check will output a file named 'dependency-check-report.json'. The Dependency-Check SonarQube plugin reads an existing Dependency-Check JSON report.\n\n## Plugin Configuration\n\nA typical SonarQube configuration will have the following parameters. This example assumes the use of a Jenkins workspace, but can easily be altered for other CI/CD systems.\n\n```ini\nsonar.dependencyCheck.jsonReportPath=${WORKSPACE}/dependency-check-report.json\nsonar.dependencyCheck.htmlReportPath=${WORKSPACE}/dependency-check-report.html\n```\n\nIn this example, all supported reports (JSON and HTML) are specified. 
Only the JSON report is required; however, if the HTML report is also available, it greatly enhances the usability of the SonarQube plugin by incorporating the actual Dependency-Check HTML report in the SonarQube project.\n\nThis plugin tries to add SonarQube issues to your project configuration files (e.g. pom.xml, \\*.gradle, package-lock.json). Please make sure that these files are part of `sonar.sources`.\n\nTo configure the severity of the created issues, you can optionally specify the minimum score for each severity with the following parameters. Specify a score of `-1` to completely disable a severity.\n\n```ini\nsonar.dependencyCheck.severity.high=7.0\nsonar.dependencyCheck.severity.medium=4.0\nsonar.dependencyCheck.severity.low=0.0\n```\n\nIn large projects you have many dependencies with (hopefully) no vulnerabilities. The following configuration summarizes all vulnerabilities of one dependency into one issue.\n\n```ini\nsonar.dependencyCheck.summarize=true\nsonar.dependencyCheck.summarize=false (default)\n```\n\nIf you want to skip this plugin, use the following configuration.\n\n```ini\nsonar.dependencyCheck.skip=true\nsonar.dependencyCheck.skip=false (default)\n```\n\nIf you want to work with [Security-Hotspots][Security-Hotspot] to enable a review process in your team, use the following configuration.\n\n```ini\nsonar.dependencyCheck.securityHotspot=true\nsonar.dependencyCheck.securityHotspot=false (default)\n```\n\nIf you want to have the complete jar file path instead of the name, use the following configuration.\n\n```ini\nsonar.dependencyCheck.useFilePath=true\nsonar.dependencyCheck.useFilePath=false (default)\n```\n\n## Ecosystem\n\nDependency-Check is available as a:\n\n-   Command-line utility\n-   Ant Task\n-   Gradle Plugin\n-   Jenkins Plugin\n-   Maven Plugin\n-   SonarQube Plugin\n\n## Copyright \u0026 License\n\nDependency-Check Sonar Plugin is Copyright (c) dependency-check. 
All Rights Reserved.\n\nDependency-Check is Copyright (c) Jeremy Long. All Rights Reserved.\n\nPermission to modify and redistribute is granted under the terms of the [LGPLv3][] license.\n\n[lgplv3]: http://www.gnu.org/licenses/lgpl.txt\n[github]: https://github.com/dependency-check/dependency-check-sonar-plugin/releases\n[dependency-check]: https://www.owasp.org/index.php/OWASP_Dependency_Check\n[sonarqube 6.x]: https://github.com/dependency-check/dependency-check-sonar-plugin/tree/SonarQube_6.x\n[sonarqube 7.x]: https://github.com/dependency-check/dependency-check-sonar-plugin/tree/SonarQube_7.x\n[sonar-custom-plugin-example]: https://github.com/SonarSource/sonar-custom-plugin-example\n[security-hotspot]: https://docs.sonarqube.org/latest/user-guide/security-hotspots/\n","funding_links":[],"categories":["Java"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdependency-check%2Fdependency-check-sonar-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdependency-check%2Fdependency-check-sonar-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdependency-check%2Fdependency-check-sonar-plugin/lists"}