11 changes: 9 additions & 2 deletions dependencycheck.properties
@@ -1,11 +1,18 @@
category=Integration
description=Integrates Dependency-Check reports into SonarQube
homepageUrl=https://github.com/dependency-check/dependency-check-sonar-plugin
archivedVersions=3.0.1,3.1.0,4.0.0
publicVersions=4.0.1,5.0.0
archivedVersions=3.0.1,3.1.0,4.0.0,4.0.1
publicVersions=5.0.0,6.0.0
defaults.mavenGroupId=org.sonarsource.owasp
defaults.mavenArtifactId=sonar-dependency-check-plugin

6.0.0.description=Compatibilty with SonarQube >= 2025.1/25.1. Removed HTML report.
6.0.0.sqs=[2025.1,LATEST]
6.0.0.sqcb=[25.1,LATEST]
Collaborator

Typically this range would start at 24.12 unless you mean to explicitly exclude it.

6.0.0.date=2025-08-22
Collaborator

This date needs to be ~ when the plugin enters the marketplace. Not when an underlying piece was released.

6.0.0.changelogUrl=https://github.com/dependency-check/dependency-check-sonar-plugin/releases/tag/6.0.0
6.0.0.downloadUrl=https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/6.0.0/sonar-dependency-check-plugin-6.0.0.jar

Collaborator

@Reamer is right. Only one version can target LATEST at a time. You'll need to update the previous version, 5.0.0, to end those ranges before LATEST. If you were archiving 5.0.0, you could leave the rest of the range as-is. But public plugin versions can't overlap compatibility. This is about the Marketplace knowing when to tell users "Hey, it's time to upgrade your plugin."
Archived versions can overlap in compatibility with public versions. But public versions can't. This would be why for 4.0.1 sqVersions ends at 10.3 and 5.0.0 picks up at 10.4.

5.0.0.description=Update SonarQube-API and SonarSource Parent
5.0.0.sqs=[10.8,LATEST]
Contributor

Hi @muellerst-hg,
thanks for your pull request. The range for LATEST can only be filled by one release.
But @ganncamp can explain it better.

5.0.0.sqcb=[24.12,LATEST]
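
Review bot: 5.0.0 and 6.0.0 are both listed in publicVersions, yet the unchanged context lines 5.0.0.sqs=[10.8,LATEST] and 5.0.0.sqcb=[24.12,LATEST] still end at LATEST next to the new 6.0.0.sqs=[2025.1,LATEST] and 6.0.0.sqcb=[25.1,LATEST], so two public versions claim the same open-ended range. Close the 5.0.0 ranges just below the point where the 6.0.0 ranges begin, or move 5.0.0 into archivedVersions if it is being retired. Separately, 6.0.0.description contains a typo: "Compatibilty" should read "Compatibility".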