bitegarden Security Report for SonarCloud™ requires Java 8 to run.
How to generate PDF security reports for projects in SonarCloud™
This is a quick usage guide for generating PDF security reports from SonarCloud™.
Once you have downloaded the product, you will have an executable "jar" file.
Put it anywhere in your filesystem and run the jar with the --help option to see all the available options:
java -jar bitegarden-sonarcloud-security.jar --help
You will get something like this:
sonar.token = your user security token to authenticate against SonarCloud.
It is recommended to generate a new token for this app.
sonar.projectKey = the project key from SonarCloud. You can find it in SonarCloud project information
sonar.organizationKey = the SonarCloud organization the project belongs to
report.type = owasp-top-10-2021 (default value)
sonar.branch = the branch where we will get the information for the report (default is main branch)
footer.url = URL of the image to display centered in footer (PNG or JPG format are supported)
user.locale = Locale to use for generated PDF file. Options are English (user.locale=en) or Spanish (user.locale=es)
output = File name for the generated report
All the properties should be passed to the command line app using Java system properties with "-D" or using a custom properties file.
If you use a custom properties file you should run the application with the "config.file" parameter and provide the path to the properties file:
java -Dconfig.file=myreportconfig.properties -jar bitegarden-sonarcloud-security.jar
If you just want to pass the required parameters through system properties, use "-D" arguments when running the report:
java -Dsonar.token=mytoken -Dsonar.projectKey=myprojectkey -Dsonar.organizationKey=myorg -Dreport.type=cwe-top-25-2021 -jar bitegarden-sonarcloud-security.jar
If a property is defined in both locations (file and command line args), the command line value overrides
the value in the file. This way you can have a generic configuration file with the common properties (sonar.token, sonar.organizationKey, report.type, ...)
and then use command line args for specific properties like sonar.projectKey or sonar.branch.
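The split described above, as an added example (not bitegarden's own script): the token and the other shared properties go into an owner-only properties file, and only per-project values are passed with "-D". Arguments given with "-D" are part of the java command line, which other local users can usually read from the process list, so the token is kept out of it. The function names, the SONAR_TOKEN environment variable and the file locations are assumptions.

```shell
#!/bin/sh
# Added example. Function names, SONAR_TOKEN and the file locations are assumptions.
JAR=${JAR:-bitegarden-sonarcloud-security.jar}

# Write the shared properties (token, organization, report type) to a file
# that only the owner can read. The token comes from the environment, so it
# is never typed on a command line.
write_report_config() {
    cfg=$1 org=$2 rtype=$3
    [ -n "${SONAR_TOKEN:-}" ] || { echo "SONAR_TOKEN is not set" >&2; return 1; }
    (
        umask 077
        {
            printf 'sonar.token=%s\n' "$SONAR_TOKEN"
            printf 'sonar.organizationKey=%s\n' "$org"
            printf 'report.type=%s\n' "$rtype"
        } > "$cfg"
    ) || return 1
    chmod 600 "$cfg"    # umask does not tighten a file that already existed
}

# Run one report: only non-secret, per-project values go on the command line
# and override the file. If the jar is not present, print the command instead.
run_report() {
    cfg=$1 project=$2 branch=${3:-}
    set -- java "-Dconfig.file=$cfg" "-Dsonar.projectKey=$project"
    if [ -n "$branch" ]; then
        set -- "$@" "-Dsonar.branch=$branch"
    fi
    set -- "$@" -jar "$JAR"
    if [ -f "$JAR" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Usage (SONAR_TOKEN already exported, e.g. by a CI secret store):
#   sh report.sh ORG PROJECT_KEY [PROJECT_KEY...]
if [ -n "${SONAR_TOKEN:-}" ] && [ "$#" -ge 2 ]; then
    org=$1; shift
    cfg=$HOME/.bitegarden-report.properties
    write_report_config "$cfg" "$org" owasp-top-10-2021 || exit 1
    for key in "$@"; do
        run_report "$cfg" "$key"
    done
fi
```

Omitting the third argument of run_report leaves sonar.branch unset, so the report uses the default branch.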
Running the report with a license key
By default, when you download the product you will be able to use it for 14 days. Once your evaluation is finished, you
will need to purchase the product and get a valid license key.
The license key will be provided as a text file. In order to use this license file you must set the property "license.file" in your
configuration file (or through command line args) with the path of your license file.
This is an example of running the licensed product using a command line argument:
java -Dconfig.file=myreportconfig.properties -Dlicense.file=PATH_TO_LICENSE_FILE -jar bitegarden-sonarcloud-security.jar
It is up to you to include the "license.file" property in your configuration file or use it as a command line argument with "-D".
Troubleshooting and Support
When you run the reports, the product will display all the information for both the license and the configuration
on the standard output. If you have any problems, please open a support request in our customer portal and we will
be happy to help you find a solution.