DependencyCheck
Scanning Gradle project error.
Hi, we are using the Dependency Check plugin from SonarQube and also the Extension in Azure DevOps. The plugin works fine with nodejs and csproj, but it fails when we try to scan a Gradle project. Can you please give us more information or documentation on how to scan a Gradle project using these extensions? It seems we are missing something in the Scan Path configuration. Thank you
Neither is maintained in this project; and you have not given any information that is helpful in analysing your problem. DependencyCheck provides a great deal of detailed information in https://jeremylong.github.io/DependencyCheck/
For the specific products please see:
- Dependency Check plugin from SonarQube: https://github.com/dependency-check/dependency-check-sonar-plugin
- the Extension in Azure DevOps: https://github.com/dependency-check/azuredevops (which seems to be lagging more than a year in development/maintenance)
We use the Dependency Check Extension in Azure DevOps. Scanning repos containing nodejs and csproj works fine and it shows vulnerabilities in dependencies, but when we tried to scan a project containing Gradle, Dependency Check finishes but the report is blank. Is there any detailed information on how to configure Dependency Check to scan Gradle projects using the Dependency Check Azure DevOps Extension? I could not find any information.
Dependency Check Azure DevOps Extension is a wrapper to run the CLI. That will indeed not work for gradle projects (that is to say: it will not detect any of your gradle defined dependencies). For those you should run the gradle plugin in your pipeline.
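The approach recommended in the reply above, as an added example that is not part of the original thread and not the project's own configuration: a `build.gradle` that applies the DependencyCheck Gradle plugin so the analysis runs against the dependencies Gradle resolves. The version string is a placeholder, and the threshold, report formats and scanned configuration are assumptions for a typical Java project.

```groovy
// build.gradle (added example; values marked "assumed" are illustrative)
plugins {
    id 'java'
    // PLUGIN_VERSION is a placeholder: pin a current release of the plugin.
    id 'org.owasp.dependencycheck' version 'PLUGIN_VERSION'
}

repositories {
    mavenCentral()
}

dependencyCheck {
    // Human-readable report plus a machine-readable one for the pipeline (assumed choice).
    formats = ['HTML', 'JSON']

    // Fail the build when a finding has a CVSS score at or above this value (assumed threshold).
    failBuildOnCVSS = 7

    // Analyse only what ships with the application (assumed configuration name
    // for a project using the 'java' plugin); omit to scan all configurations.
    scanConfigurations = ['runtimeClasspath']
}
```

In the pipeline, run `./gradlew dependencyCheckAnalyze` as a build step in place of the CLI wrapper task, then publish the generated report as a build artifact.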
Thank you for your detailed answer. I will try to add gradle plugin in the pipeline.