First steps
bitegarden Dependency Check for SonarCloud™ requires Java 8 or higher.
Quick Guide: generate a file with the vulnerabilities of a Dependency Check report for your SonarCloud™ project:
Once you’ve downloaded the product, you will have an executable "jar" file.
Simply place it in your file system and run the jar with the "--help" option to see all available options:
java -jar bitegarden-dependency-check-for-sonarcloud.jar --help
The result should show you all available options:
...
bitegarden Dependency Check for SonarCloud (1.0). Copyright (C) 2024 bitegarden. All rights reserved. www.bitegarden.com
Loading properties from command line (-Dname=value)... if found, it will override configuration file properties
No configuration found.
bitegarden Dependency Check for SonarCloud. Command Line usage:
java -Dconfig.file=PATH_TO_CONFIG_FILE -Dlicense.file=PATH_TO_LICENSE_FILE ... -jar bitegarden-dependency-check-for-sonarcloud-1.0.jar
config.file = path to properties file including all the parameters required to generate the reports.
This is optional. You can set all the properties through command line args using -DpropertyName=propertyValue
Note that if you use a config file and command line arguments, arguments will override config file
license.file = path to file with your license key provided by bitegarden.
By default a 14 days trial version will be used if license file is not provided
Mandatory properties:
dependency.check.file = path to Dependency-Check file. Compatible formats (JSON and XML)
sonar.organizationKey = your organization key used to create license.
Optional properties:
vulnerabilities.file.path = path to project file to add new vulnerabilities in SonarCloud
output = File name for the generated report (Without .json extension)
...
All properties can be provided through the command line as system arguments using "-D" or through a
custom configuration file.
If you use a custom configuration file, you must run the application with the argument "-Dconfig.file", providing the path to your
properties file:
java -Dconfig.file=config.properties -jar bitegarden-dependency-check-for-sonarcloud.jar --help
If you prefer you can pass all options through the command line with "-D":
java -Ddependency.check.file=vulnerabilities.json -Dsonar.organizationKey=bitegarden -jar bitegarden-dependency-check-for-sonarcloud.jar --help
If an option is defined in both places (in the configuration file and as a command-line argument), the value provided on the command line will be used.
This way you can have a common configuration file with shared properties (such as sonar.organizationKey) and then simply use the arguments
for specific options such as "dependency.check.file", for example.
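A pre-flight check a CI job could run before invoking the jar, as an added example (not bitegarden's code): it resolves each property with the precedence described above and fails early when a mandatory property is missing, for instance because its name was misspelled. The function names, the sample paths and the simple key=value parsing of the configuration file are assumptions.

```shell
#!/bin/sh
# Added example, not bitegarden code. Property names are the ones in the
# help output; function names and sample paths are hypothetical.

# effective_prop KEY CONFIG_FILE [-Dname=value ...]
# Prints the value the tool is documented to use: a -D argument overrides
# the same key in the config file. Prints nothing when the key is unset.
effective_prop() {
    key=$1; cfg=$2; shift 2
    val=
    if [ -n "$cfg" ] && [ -f "$cfg" ]; then
        pat=$(printf '%s' "$key" | sed 's/\./\\./g')   # escape dots for sed
        # Assumption: plain "key=value" lines; the last definition wins.
        val=$(sed -n "s/^[[:space:]]*${pat}[[:space:]]*=[[:space:]]*//p" "$cfg" | tail -n 1)
    fi
    for arg in "$@"; do
        case $arg in
            "-D$key="*) val=${arg#"-D$key="} ;;   # command line overrides file
        esac
    done
    printf '%s' "$val"
}

# preflight CONFIG_FILE [-Dname=value ...]
# Returns 0 only when both mandatory properties resolve, the report is
# readable, and license.file (optional) is readable if it is set.
preflight() {
    pf_cfg=$1; shift
    report=$(effective_prop dependency.check.file "$pf_cfg" "$@")
    org=$(effective_prop sonar.organizationKey "$pf_cfg" "$@")
    lic=$(effective_prop license.file "$pf_cfg" "$@")
    if [ -z "$report" ]; then echo "dependency.check.file is not set" >&2; return 1; fi
    if [ -z "$org" ]; then echo "sonar.organizationKey is not set" >&2; return 1; fi
    if [ ! -r "$report" ]; then echo "cannot read report: $report" >&2; return 1; fi
    if [ -n "$lic" ] && [ ! -r "$lic" ]; then echo "cannot read license: $lic" >&2; return 1; fi
    return 0
}

# Constructed sample: shared config holds the organization key, the report
# path is passed per run.
demo_dir=$(mktemp -d)
printf 'sonar.organizationKey = bitegarden\n' > "$demo_dir/config.properties"
printf '{}\n' > "$demo_dir/vulnerabilities.json"
if preflight "$demo_dir/config.properties" "-Ddependency.check.file=$demo_dir/vulnerabilities.json"; then
    echo "preflight ok: safe to run the jar with the same arguments"
fi
```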
By default, when you download the product you can use it for 14 days in evaluation mode.
Once the evaluation is complete, you will need to purchase the product and obtain a valid license key.
The license key is provided in a text file. To use this license file you must set
the "license.file" property with the path to the license file in your configuration file (or via a command line argument).
The license is tied to your organization’s key.
Here’s an example to generate a report using a product license via a command line argument: