Add the ability to populate the 'rules details' panel when using the Generic Issue Import Format

Hello, I am using the Generic Issue Import Format to import some vulnerability data.

I would like to be able to provide the user with more information, some links and remediation, when they click “Why is this an issue?” in the main message. At the moment, when I click that, the rules details panel opens but there is no information to show.

I’ve also got a GitHub repo that ‘showcases’ this problem: Trivy Template Output to Sonarqube. You can try it for yourself if you want.

Hi,

The Generic Issue format is for issues only. If you’d like to provide details on the rules side you’ll need to implement a plugin. I believe you can take a look at the underlying code for JS analysis to see how to use the Generic Issue format and provide rule descriptions.

 
HTH,
Ann

Hello, from the perspective of someone like me, who’s not familiar with Java or plugin development, it could make the process of ‘adhoc’ rules/issues a lot easier - it’s just a matter of shaping the JSON.

In the example of Trivy, there aren’t any ‘rules’ to speak of, each vulnerability is pretty much its own rule, and in this example I was going to use the rule as a place to put links to read more about the CVEs, and where the fix is.


Hello. I am building an application output into the Generic Issue Import Format so that I can read it into SonarQube. I am able to import the issues into SonarQube, and they appear. So far so good.

My question - when a user clicks “Why is this an issue?” it opens up a panel at the bottom.
How can I fill up this panel with some additional useful information? I can’t figure out where in the generic issue import format I can add something that would go into this box. Can you help me?

Ann’s note: Merge of another ‘Get Help’ thread on the same topic starts here.


I’ve created a GitHub repo Trivy to Sonarqube to ‘showcase’ the problem. I’m using Trivy, which is a container scanning tool, and massaging its output into the generic issue format that SonarQube accepts.

Any advice on what to do here? Is this the right place for a feature request? I checked the SonarQube GitHub but there isn’t an issues section there.
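Added example (not code from the linked repo or from SonarSource): because the issue-only format discussed in this thread has no field for rule details, one way to still surface the advisory link and the fixed version is to fold them into each issue's message. The `file_path` and `engine_id` defaults, the severity mapping and the sample report (including the placeholder CVE id and URL) are assumptions constructed for illustration.

```python
import json

# Trivy severity -> generic-issue severity (mapping chosen for this example).
SEVERITY_MAP = {"CRITICAL": "BLOCKER", "HIGH": "CRITICAL", "MEDIUM": "MAJOR",
                "LOW": "MINOR", "UNKNOWN": "INFO"}

def trivy_to_generic_issues(report, file_path="Dockerfile", engine_id="trivy"):
    """Convert a parsed Trivy JSON report into a generic issue report dict.

    file_path is an assumption: the generic format needs a file that exists
    in the analysed project, and a scanned image has none of its own.
    """
    issues = []
    for result in report.get("Results") or []:
        target = result.get("Target", "unknown target")
        # Trivy omits "Vulnerabilities" (or sets it to null) for clean targets.
        for vuln in result.get("Vulnerabilities") or []:
            fixed = vuln.get("FixedVersion") or "no fix available yet"
            parts = [
                f'{vuln["VulnerabilityID"]} in {vuln.get("PkgName", "?")} '
                f'{vuln.get("InstalledVersion", "?")} ({target})',
                vuln.get("Title", ""),
                f"Fixed in: {fixed}",
                f'More info: {vuln.get("PrimaryURL", "n/a")}',
            ]
            issues.append({
                "engineId": engine_id,
                "ruleId": vuln["VulnerabilityID"],  # one "rule" per CVE
                "severity": SEVERITY_MAP.get(vuln.get("Severity"), "INFO"),
                "type": "VULNERABILITY",
                "primaryLocation": {
                    "message": ". ".join(p for p in parts if p),
                    "filePath": file_path,
                },
            })
    return {"issues": issues}

# Constructed sample input, not real scanner output.
SAMPLE = {"Results": [
    {"Target": "app:latest (alpine 3.10.2)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "examplelib",
         "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH",
         "Title": "constructed example flaw",
         "PrimaryURL": "https://example.invalid/CVE-0000-0001"}]},
    {"Target": "clean-layer", "Vulnerabilities": None},
]}

if __name__ == "__main__":
    print(json.dumps(trivy_to_generic_issues(SAMPLE), indent=2))
```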

OK, I’ve been searching and searching, and I think this might actually be a feature request. Please correct me if I’m wrong, but it seems like the Generic Issue Import Format doesn’t allow adding any additional details.

I’ve started a feature request thread: Add the ability to populate the 'rules details' panel when using the Generic Issue Import Format

Hi,

I’ve answered in your feature request thread. Would you like me to merge the two threads?

 
Ann

Hi, sure, if that’s useful please go ahead.


I am also hoping to add this feature, which just needs shaping the JSON to add rules details.