I've implemented the SonarQube and Dependency Check tasks in TFS with the configuration below:
1. Prepare analysis on SonarQube task
sonar.cs.vstest.reportsPaths=**/*.trx
sonar.cs.vscoveragexml.reportsPaths=**/*.coveragexml
sonar.cfamily.build-wrapper-output=$(Build.SourcesDirectory)
sonar.cfamily.threads=6
sonar.cfamily.cppunit.reportsPath=$(Build.SourcesDirectory)
sonar.branch.name=$(Build.SourceBranchName)
sonar.dependencyCheck.reportPath=$(Build.ArtifactStagingDirectory)\dependency-check-report.xml
sonar.dependencyCheck.htmlReportPath=$(Build.ArtifactStagingDirectory)\dependency-check-report.html
2. OWASP Dependency Check task
C:\tools\dependency-check\bin\dependency-check.bat --project "xyz" -f ALL -s "$(Build.SourcesDirectory)" -o "$(Build.ArtifactStagingDirectory)"
but I am getting an error in this step:
[ERROR] Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta
I have downloaded the Dependency Check command line plugin from https://www.owasp.org/index.php/OWASP_Dependency_Check
I have solved this question by myself; please see below.
NIST is the government organization that maintains all vulnerability data. NVD (National Vulnerability Database) is the database from which it fetches the data.
So I was getting this error because the NVD database was down at that moment, as many people poll the database at the same time.
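Added example, not part of the original post: a build-step wrapper that retries the NVD update with exponential backoff and then scans against the local data only, so a temporary NVD outage does not fail the step. The function names, retry counts and delays are assumptions, as is the CLI exiting non-zero when `--updateonly` fails; the install path and scan arguments are the ones from the post.

```python
import os
import subprocess
import time

# Install path from the post; directories come from the agent's environment
# variables rather than the $(...) macros, which only expand in task fields.
DC = r"C:\tools\dependency-check\bin\dependency-check.bat"


def _run(args):
    """Run the CLI and return its exit code."""
    return subprocess.call([DC] + args)


def update_with_retry(run=_run, sleep=time.sleep, attempts=4, base_delay=30):
    """Refresh the local NVD data, backing off between failed attempts.

    Assumes --updateonly exits non-zero when the feed download fails.
    Returns True once an update succeeds, False if every attempt fails.
    """
    for attempt in range(attempts):
        if run(["--updateonly"]) == 0:
            return True
        if attempt < attempts - 1:
            sleep(base_delay * 2 ** attempt)  # 30s, 60s, 120s, ...
    return False


def scan(project, src, out, run=_run, sleep=time.sleep, attempts=4):
    """Update with retries, then scan against the local data only.

    Returns (exit_code, data_is_fresh). When data_is_fresh is False the
    report was built from previously cached NVD data, which requires at
    least one earlier successful update on this agent.
    """
    fresh = update_with_retry(run, sleep, attempts)
    code = run(["--project", project, "-f", "ALL",
                "-s", src, "-o", out, "--noupdate"])
    return code, fresh


if __name__ == "__main__":
    code, fresh = scan("xyz", os.environ["BUILD_SOURCESDIRECTORY"],
                       os.environ["BUILD_ARTIFACTSTAGINGDIRECTORY"])
    if not fresh:
        # TFS logging command: surfaces a warning on the build summary.
        print("##vso[task.logissue type=warning]NVD update failed; "
              "report uses cached vulnerability data")
    raise SystemExit(code)
```

A report built from cached data can miss recently published CVEs, so treat the warning as a prompt to re-run the build once NVD is reachable again.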