Can't add multiple test reports to SonarQube

I am using sonar-scanner to scan a Go project.
Adding a unit tests report generated with go test -json ./... > artifacts/test/report.json works as expected when using the configuration setting sonar.go.tests.reportPaths=artifacts/test/report.json works as expected.

However, I have a 2nd (security) test report (coming from gosec -fmt=sonarqube -no-fail -out=artifacts/test/gosec-report.json ./...) which I would like to add to the reports. Therefore, I used the following call of the sonar-scanner with: sonar.go.tests.reportPaths=artifacts/test/*.json

Sadly it neither picks up the unit test report report.json nor the security test report gosec-report.json.

How can I add both reports to SonarQube?

      sonar-scanner \
        -Dsonar.exclusions=**/*_test.go \
        -Dsonar.projectKey="my-porject \
        -Dsonar.qualitygate.wait=true \
        -Dsonar.sources=. \
        -Dsonar.test.inclusions=**/*_test.go \
        -Dsonar.tests=. \
        -Dsonar.go.coverage.reportPaths=artifacts/test/coverage.out \
        -Dsonar.go.tests.reportPaths=artifacts/test/*.json \

Hi,

Could you provide the analysis log? Specifically, it will be helpful to see what the log says about reading (or not!) these reports.

 
Ann

Hey G Ann,

the problem was that the GoSec report was in generic report format which I did not recognize earlier.
I even had them add a note about it in the README (see GitHub - securego/gosec: Golang security checker).

My finished command looks like this:

sonar-scanner \
        -Dsonar.exclusions=**/*_test.go \
        -Dsonar.externalIssuesReportPaths=artifacts/test/gosec-report.json \
        -Dsonar.projectKey="my-project" \
        -Dsonar.qualitygate.wait=true \
        -Dsonar.sources=. \
        -Dsonar.test.inclusions=**/*_test.go \
        -Dsonar.tests=. \
        -Dsonar.go.coverage.reportPaths=artifacts/test/coverage.out \
        -Dsonar.go.tests.reportPaths=artifacts/test/report.json