There are only 2 types of issues:
- “normal” issues (what you call “internal”). Those are the issues entirely managed by SQ.
- “external” issues. Issues reported by third party tools, not controlled by the SQ scanner.
External issues can be created programmatically using Sensor API newExternalIssue(). Some SonarSource analyzers also provide out of the box support of some well known issue report format for each languages. If you issue report format is not supported, and you don’t want to write a custom Java plugin, you can also convert your issue report to the Generic XML format.
External issues don’t require a rule definition. If you try to report a new external issue with a rule key that is not known by SonarQube, it will create a new empty rule definition on the fly. You can also provide rule definition during the analysis (we call that addhoc rules). Finally, you may still want to pre-register rules definitions, in order to enforce consistency/reserve the engine id/rule id.
So your options 2 and 3 are basically the same concept (external issues) but with the optional possibility to pre-register rules definition.
External issues summary:
- External issue created without (external) rule definition (an empty one will be created automatically) using
newExternalIssue() - External rule + External issue created during analysis (=adhoc rule). Using
newAdHocRule()+newExternalIssue() - External rule defined in advance in the SQ server using
createExternalRepository()then external issues created during the analysis
Does that clarify?