Git Product home page Git Product logo

sonar-teams-notifier's Introduction

Sonar Teams Notifier

License Build Status Maintainability Test Coverage Checkstyle Downloads

This SonarQube plugin notifies WebEx Teams of Scan Results.

Usage

Administration

Only one setting is required once the plugin is installed, and that's to enable the plugin.

Admin Screenshot

Scanning

Basic Usage

To enable WebEx Teams notifications for scan results, supply the Incoming Webhook URL to the sonar-scanner command using the custom sonar.teams.hook property. This is the only property required to enable notifications.

Example
mvn sonar:sonar \
  -Dsonar.teams.hook=https://api.ciscospark.com/v1/webhooks/incoming/1234

Advanced Usage

All custom properties pertaining to this plugin are specified under sonar.teams, e.g. sonar.teams.hook.

Property name Required Description
hook YES The WebEx Teams Incoming Webhook URL.
fail_only no Specify any truthy value (e.g. 1 or true) to send notifications only when there is a failure.
commit_url no When specified, the commit in the notification links to the commit that triggered the build/scan.
change_author_email no When specified, the commit author is mentioned when there are any failures.
change_author_name no Sets the commit author's display name when mentioned.
Example
mvn sonar:sonar \
  -Dsonar.teams.hook=https://api.ciscospark.com/v1/webhooks/incoming/1234 \
  -Dsonar.teams.fail_only=1 \
  -Dsonar.teams.commit_url=https://github.com/owner/repo/commit/1234567 \
  [email protected] \
  -Dsonar.teams.change_author_name="Author Name"

Documentation

Browse the Javadocs at https://aensley.github.io/sonar-teams-notifier/

sonar-teams-notifier's People

Contributors

aensley avatar dependabot[bot] avatar mend-bolt-for-github[bot] avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

osmyslitelny minhhoangvn

sonar-teams-notifier's Issues

WS-2009-0001 (Low) detected in commons-codec-1.11.jar

WS-2009-0001 - Low Severity Vulnerability

Vulnerable Library - commons-codec-1.11.jar

The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

Library home page: http://commons.apache.org/proper/commons-codec/

Path to dependency file: /tmp/ws-scm/sonar-teams-notifier/pom.xml

Path to vulnerable library: /root/.m2/repository/commons-codec/commons-codec/1.11/commons-codec-1.11.jar

Dependency Hierarchy:

  • httpclient-4.5.9.jar (Root Library)
    • โŒ commons-codec-1.11.jar (Vulnerable Library)

Found in HEAD commit: 2a9ceff94944a0cbcff0fef567afdc244c05f4a9

Vulnerability Details

Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability.

Publish Date: 2007-10-07

URL: WS-2009-0001

CVSS 2 Score Details (0.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

Add proxy authentication.

sonar-teams-notifier/src/main/java/com/andrewensley/sonarteamsnotifier/extension/TeamsPostProjectAnalysisTask.java

Lines 106 to 111 in 1309a49

// TODO: Add proxy authentication.
return HttpClient.newBuilder()
.version(HttpClient.Version.HTTP_2)
.followRedirects(HttpClient.Redirect.ALWAYS)
.proxy(ProxySelector.of(new InetSocketAddress(proxyIp.get(), proxyPort.get())))
.build();

This issue was generated by todo based on a TODO comment in 1309a49. It's been assigned to @aensley because they committed the code.

Update deprecated code

Several calls to SonarQube methods are deprecated. Replace with up-to-date implementations.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.