Dependency Check
for SonarQube™ Cloud

Import Dependency Check vulnerabilities into your cloud projects


Enhance SonarQube™ Cloud with Security Insights from Dependency Check


Looking to import valuable Dependency Check insights into your SonarCloud instance?

Dependency Check for SonarCloud is the solution you’re looking for.

With this powerful tool, you can transform the findings from Dependency Check and seamlessly import them into SonarCloud.

Now, you can centralize your code analysis in one place—making it easier to develop high-quality, secure software.



Features


Add security insights from Dependency Check to your SonarQube™ Cloud analysis—easily and effectively.

SonarQube™ Cloud doesn’t natively support Dependency Check, which traditionally meant you’d need to switch to SonarQube™ Server to include those results. But not anymore.

With Dependency Check for SonarQube™ Cloud, you can seamlessly integrate Dependency Check data into your SonarCloud workflow and gain full visibility over your project’s security—all in one place.


Key Benefits and How It Works


- Keep your current workflow – Analyze your projects with Dependency Check just like you always have.

- Effortless conversion – Our tool converts Dependency Check reports (JSON or XML) into the format required by SonarQube™ Cloud.

- One unified platform for SAST and SCA – Import the converted file into SonarQube™ Cloud and review vulnerabilities without leaving your environment.

- Clear guidance included – Full documentation is provided to help you import vulnerabilities using the sonar.externalIssuesReportPaths parameter.

Now you can extend SonarQube™ Cloud with powerful security insights—no extra hassle, no switching tools.

Getting started


bitegarden Dependency Check for SonarCloud™ requires Java 8 or higher.


Quick Guide: generate a file with the vulnerabilities of a Dependency Check report for your SonarCloud™ project.


Once you have downloaded the product, you will have an executable "jar" file.

Simply place it in your file system and run the jar with the "--help" option to see all available options:

java -jar bitegarden-dependency-check-for-sonarcloud.jar --help

The result should show you all available options:

...

bitegarden Dependency Check for SonarCloud (1.0). Copyright (C) 2024 bitegarden. All rights reserved. www.bitegarden.com
 
Loading properties from command line (-Dname=value)... if found, it will override configuration file properties
No configuration found.
bitegarden Dependency Check for SonarCloud. Command Line usage:

java -Dconfig.file=PATH_TO_CONFIG_FILE -Dlicense.file=PATH_TO_LICENSE_FILE ... -jar bitegarden-dependency-check-for-sonarcloud-1.0.jar

  config.file = path to properties file including all the parameters required to generate the reports. 
                This is optional. You can set all the properties through command line args using -DpropertyName=propertyValue
                Note that if you use a config file and command line arguments, arguments will override config file
 
  license.file = path to file with your license key provided by bitegarden.
                  By default a 14 days trial version will be used if license file is not provided

Mandatory properties:

        dependency.check.file = path to Dependency-Check file. Compatible formats (JSON and XML)
        sonar.organizationKey = your organization key used to create license.
         
Optional properties:

        vulnerabilities.file.path = path to project file to add new vulnerabilities in SonarCloud
        output = File name for the generated report (Without .json extension)

...

All properties can be provided through the command line as system properties using "-D" or through a custom configuration file.

If you use a custom configuration file, you must run the application with the argument "-Dconfig.file" providing the path to your properties file:

java -Dconfig.file=config.properties -jar bitegarden-dependency-check-for-sonarcloud.jar

If you prefer, you can pass all options through the command line with "-D":

java -Ddependency.check.file=vulnerabilities.json -Dsonar.organizationKey=bitegarden -jar bitegarden-dependency-check-for-sonarcloud.jar

If an option is defined in both places (in the configuration file and as a command line argument), the value provided on the command line will be used. This way you can have a common configuration file with shared properties (such as sonar.organizationKey) and then use command line arguments only for run-specific options such as "dependency.check.file".
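The two steps described above, property precedence and report conversion, as an added Python illustration that is not bitegarden's own code: the Dependency Check JSON fields and SonarQube's generic external-issue format are assumed from their public layouts, the severity mapping is an assumption, and the sample report is constructed.

```python
# Assumed mapping from Dependency Check severities to SonarQube external-issue severities.
SEVERITY_MAP = {"CRITICAL": "BLOCKER", "HIGH": "CRITICAL", "MEDIUM": "MAJOR",
                "MODERATE": "MAJOR", "LOW": "MINOR"}

# Constructed sample of a Dependency Check JSON report (two dependencies, one finding).
# The CVE id is a placeholder, not a real identifier.
SAMPLE_REPORT = {
    "dependencies": [
        {"fileName": "example-lib-1.0.jar",
         "vulnerabilities": [{"name": "CVE-0000-00001", "severity": "HIGH",
                              "description": "constructed sample finding"}]},
        {"fileName": "clean-lib-2.0.jar"},
    ]
}

def resolve_properties(config_file_props, cli_props):
    """Merge properties: command-line -D values override the configuration file."""
    merged = dict(config_file_props)
    merged.update(cli_props)
    # The page lists these two properties as mandatory; fail early if either is absent.
    missing = [k for k in ("dependency.check.file", "sonar.organizationKey") if k not in merged]
    if missing:
        raise ValueError(f"mandatory properties missing: {missing}")
    return merged

def convert_report(dc_report, target_file, engine_id="dependency-check"):
    """Build SonarQube's generic external-issue document from a Dependency Check report.
    Every finding is attached to one project file (the vulnerabilities.file.path property)."""
    issues = []
    for dep in dc_report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            issues.append({
                "engineId": engine_id,
                "ruleId": vuln["name"],
                "severity": SEVERITY_MAP.get(vuln.get("severity", "").upper(), "INFO"),
                "type": "VULNERABILITY",
                "primaryLocation": {
                    "message": f"{dep['fileName']}: {vuln['name']} {vuln.get('description', '')}".strip(),
                    "filePath": target_file,
                },
            })
    return {"issues": issues}
```

The returned document, written to the file named by the output property, is what sonar.externalIssuesReportPaths points at.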

Using license key


By default, when you download the product you can use it for 14 days in evaluation mode. Once the evaluation is complete, you will need to purchase the product and obtain a valid license key. The license key is provided in a text file. To use this license file you must set the "license.file" property with the path to the license file in your configuration file (or via a command line argument). The license is tied to your organization’s key. Here is an example that generates a report using a product license passed as a command line argument:

java -Dconfig.file=config.properties -Dlicense.file=PATH_TO_LICENSE_FILE -jar bitegarden-dependency-check-for-sonarcloud.jar

Support and resolution of problems


If you have any problems please create a support request on our support center and we will be happy to help you find a solution.
