On this page
Generic issue import format
SonarQube supports a generic import format for raising external issues in code. You can use this format to import issues from your favorite linter even if there's no plugin for it. SonarQube also supports several third-party issue report formats, and issues imported from SARIF reports.
External issues and the rules that raise them must be managed in the configuration of your linter.
Import
The analysis parameter sonar.externalIssuesReportPaths
accepts a comma-delimited list of paths to reports.
Each report must contain, at the top level, an array of Issue
objects named issues
.
Issue fields:
engineId
- StringruleId
- StringprimaryLocation
- Location objecttype
- String. One of BUG, VULNERABILITY, CODE_SMELLseverity
- String. One of BLOCKER, CRITICAL, MAJOR, MINOR, INFOeffortMinutes
- Integer, optional. Defaults to 0secondaryLocations
- Array of Location objects, optional
Location fields:
message
- StringfilePath
- StringtextRange
- TextRange object, optional for secondary locations only
TextRange fields:
startLine
- Integer. 1-indexedendLine
- Integer, optional. 1-indexedstartColumn
- Integer, optional. 0-indexedendColumn
- Integer, optional. 0-indexed
Example
Here is an example of the expected format:
Limitations
There are a couple of limitations with importing external issues:
- You can't manage them within SonarQube. For example, you can't mark them as false positives.
- You can't manage the activation of the rules that raise these issues within SonarQube. External rules aren't visible on the Rules page or reflected in quality profiles.
© 2008-2023, SonarSource S.A, Switzerland. Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution-NonCommercial 3.0 United States License. SONARQUBE is a trademark of SonarSource SA. All other trademarks and copyrights are the property of their respective owners.