Display Trivy reports on sonarcloud

Sasank_Madati · November 20, 2023, 4:05am

Hello guys,

For my project I have Trivy set up to take care of scanning the built images for vulnerabilities. Trivy is set up to generate reports in Json and SARIF formats. I need to display these reports along with other code issues and hotspots that are shown in sonar cloud.

Can this type of task be done?

I have read about test execution parameters and how they can display things in sonarcloud. But all the content there is regard to some particular language like c or java or python. In my case, there is no language involved, just docker images.

Can anyone help me out by pointing me in the right direction?

Appreciate any help
Thanks in advance

Colin · November 22, 2023, 8:56am

Hey there.

The ability to import SARIF reports (like is already possible for SonarQube) is on our roadmap (I encourage you to go vote for the card!)

For now, you might be able to convert a JSON/SARIF report to Generic issue data to be imported into SonarCloud.

system · November 29, 2023, 8:56am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.