Just to mention, I’ve made a tool to convert a few of Rust tooling output into Sonar generic input with the project cargo-sonar.
Basically, you run rust tooling somewhere, then convert the output with cargo-sonar, then feed it to sonar-scanner.
I’ve been working with it for a few months on some projects already, and it’s already useful enough (mainly the clippy parser). It’s not perfect though, as there are at least 2 main problems with it:
- I don’t have experience to categorize correctly an issue into the semantic used in Sonar (is it critical or not for example), so any scoring between A and E that might be given by the result of using
cargo-sonaris likely incoherent with any other Sonar approved tool - some of the supported tools are frequently changing their API, which makes
cargo-sonarworks relatively well on an up-to-date version of all tools, but maybe not so much on older versions