Wikis - Page

Knowledge Doc: SonarQube integration does not push existing vulnerabilities to Octane

0 Likes

Environment

Octane integration with SonarQube via Jenkins. 

Situation

SonarQube integration does not push existing vulnerabilities to Octane. 

Cause

By default, any existing vulnerabilities detected in SonarQube will not be pushed to Octane. When a pipeline is created in Octane for the Jenkins job that handles SonarQube vulnerabilities, the vulnerabilities_baseline value is set to the time of pipeline creation. Only new vulnerabilities detected after that time will be discovered and pushed to Octane and the vulnerabilities_baseline value is then updated accordingly.

Read full article

Labels:

Support Tips/Knowledge Docs
Comment List
Related
Recommended