Resolve "Integrate dependency-check container with Sonarqube"

Closes #12 (closed)

dependency-check/entrypoint.sh

@@ -6,9 +6,13 @@ if [ $1 == '-v' ]; then
 	exit 0
 fi
 
-dependency-check.sh -n --project ${CI_PROJECT_NAMESPACE} -s ./ -f JSON
-cat dependency-check-report.json | jq '.dependencies | .[] | select (.vulnerabilities) | [.fileName, .filePath, .vulnerabilities]' | sed -e "s/\"\/work\///g"
-RESULT=`cat dependency-check-report.json | jq '.dependencies | .[] | select (.vulnerabilities) | [.fileName, .filePath, .vulnerabilities] | length == 0' | sed -e "s/\"\/work\///g"`
+DEPENDENCY_CHECK_OUT_DIR=${DEPENDENCY_CHECK_OUT_DIR-"`pwd`/dependency-check-report/"}
+
+mkdir -p ${DEPENDENCY_CHECK_OUT_DIR}
+dependency-check.sh --format ALL -s ./ --out ${DEPENDENCY_CHECK_OUT_DIR} --project ${CI_PROJECT_NAMESPACE} -n
+
+cat ${DEPENDENCY_CHECK_OUT_DIR}/dependency-check-report.json | jq '.dependencies | .[] | select (.vulnerabilities) | [.fileName, .filePath, .vulnerabilities]' | sed -e "s/\"\/work\///g"
+RESULT=`cat ${DEPENDENCY_CHECK_OUT_DIR}/dependency-check-report.json | jq '.dependencies | .[] | select (.vulnerabilities) | [.fileName, .filePath, .vulnerabilities] | length == 0' | sed -e "s/\"\/work\///g"`
 
 if [ "${RESULT}" = "" ]; then
 	exit 0