Skip to content
This repository has been archived by the owner on Feb 23, 2021. It is now read-only.

porscheinformatik/sonar-dependency-check-plugin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

77 Commits
src
src
 
 
.checkstyle
.checkstyle
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 
checkstyle.xml
checkstyle.xml
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Dependency Check Sonar Plugin

Build Status

⚠️ This Plugin is deprecated - use https://github.com/porscheinformatik/sonarqube-licensecheck instead

This Sonar plugin ensures that projects in an organization adhere to a set of standard libraries and versions. This enables the governance of the used libraries and licences.

License

This software is licensed under the Apache Software License, Version 2.0, http://www.apache.org/licenses/LICENSE-2.0.txt

Compatibility

SonarQube >= 4.4 and < 5.0

Features

Analysis

During the project analysis all dependencies are checked against the defined list of allowed libraries. If a project uses an unlisted dependency, a violation with level "Blocker" will be added. If a project uses a listed dependency out of version range, a violation with level "Critical" will be added.

Dependecy Check Page

The plugin contains a page with all libraries (in form library:version), the licenses used and the status of this dependency. The view also displays a list of all used licences.

Example:

LibVersionStatus
org.springframework:spring-core:3.2.1.RELEASEApache 2.0OK
org.springframework:spring-beans:3.2.1.RELEASEApache 2.0OK
commons-logging:commons-logging:1.1.1Apache 2.0Wrong version
net.sf.jopt-simple:jopt-simple:3.0MITUnlisted

Licenses:

LicenseDescriptionURL
Apache 2.0The Apache Software License, Version 2.0http://www.apache.org/licenses/LICENSE-2.0.txt
MITThe MIT Licensehttp://www.opensource.org/licenses/mit-license.php

Configuration

Licenses

A list of licenses can be configured via Settings > Configuration.

LicenseDescriptionURL
Apache 2.0The Apache Software License, Version 2.0http://www.apache.org/licenses/LICENSE-2.0.txt
MITThe MIT Licensehttp://www.opensource.org/licenses/mit-license.php
LGPL 2.1GNU Lesser General Public License (LGPL), Version 2.1http://www.fsf.org/licensing/licenses/lgpl.txt

Libraries

The list of allowed dependencies with a given version range can be configured via Settings > Configuration.

Here is an example:

LibAllowed VersionsLicense
org.springframework:spring-core[3.0,4.0)Apache 2.0
commons-logging:commons-logging1.1.3Apache 2.0

The version ranges have to be specified in Maven syntax (see http://maven.apache.org/enforcer/enforcer-rules/versionRanges.html).

This list can be configured in general settings and can be customizable on a per-project basis (if only one project uses a certain library).

About

Sonar Dependency Check Plugin

Topics

deprecated

Resources

Readme
Activity
Custom properties

Stars

4 stars

Watchers

6 watching

Forks

3 forks
Report repository

Releases 5

Release 1.2, 2015-08-19 Latest
Aug 19, 2015
+ 4 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages