which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube 9.9
SonarScanner 4.7.0.2747
how is SonarQube deployed: zip, Docker, Helm
Docker
what are you trying to achieve
Trying to import external issues via the generic issue format. Running the scan through sonarqube-scan-actions in GitHub Actions, but my external issues are ignored by the scanner.
DEBUG: Importing issues from 'sonar-reports/external_issue.json'
INFO: Imported 0 issues in 0 files
INFO: External issues ignored for 3 unknown files, including: /runner/_work/project_dir/file-a, /runner/_work/project_dir/file-b, /runner/_work/project_dir/file-c
what have you tried so far to achieve this
I checked the scan log and found that my /runner/_work/project_dir has been mounted to "/github/workspace". I wonder if that is the reason my external issues were ignored?
/usr/bin/docker run
...
-v
"/runner/_work/project_dir":"/github/workspace"
Analysis doesn’t recognize the file paths listed in your external issues report. For this to work, those file paths will need to match up to the paths analysis sees.
“For this to work, those file paths will need to match up to the paths analysis sees.” Does this mean I need to change those file paths to something like /github/workspace/file-a or just use the relative filepath file-a?
Also, I want to point out that file paths like /runner/_work/project_dir/file-a do indeed exist in GitHub Actions. They just somehow cannot be recognized by SonarQube (the working directory of the sonar scanner image is /github/workspace).
Off-hand, it’s hard to know. My guess would be that the paths in the report just don’t match up to what analysis sees. The starting point would be to look at any paths in your analysis log and compare them to those in the report.
When using the OSS version of sonarqube-scan-actions, the Sonar scan runs in a Docker container with the source volume mounted to a separate location. The following log is from the Docker command in the GitHub Action:
-v "/runner/work/repo":"/github/workspace"
As a result, Sonar Scanner is unable to recognize the /runner/work/repo path even though some of the report paths are using it. Ideally, we would like to address this issue on the OSS side. Please let me know if the SonarQube team can resolve this problem. Thanks!
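One way to line the report up with the container's view before the scan step, as an added example that is not from the thread or from SonarSource: it rewrites each `filePath` in a generic issue report using the host-to-container mapping from the `docker -v` line in the question, and returns any path outside the mount so that findings are not dropped without notice. The function names and the sample report are hypothetical; the thread does not settle whether analysis expects the container path or a project-relative one, so passing `container_root=""` produces relative paths instead.

```python
import copy
import json
from pathlib import PurePosixPath

# Mount mapping from the docker -v line in the question (host -> container).
HOST_ROOT = "/runner/_work/project_dir"
CONTAINER_ROOT = "/github/workspace"

def remap_path(path, host_root=HOST_ROOT, container_root=CONTAINER_ROOT):
    """Return the path as seen inside the container, or None if it is outside the mount.
    container_root="" yields a path relative to the project directory instead."""
    p = PurePosixPath(path)
    if not p.is_absolute():
        return path                      # already relative; leave unchanged
    try:
        rel = p.relative_to(host_root)   # component-wise, so project_dir2 does not match
    except ValueError:
        return None
    if ".." in rel.parts:                # would escape the mounted directory
        return None
    return str(PurePosixPath(container_root) / rel) if container_root else str(rel)

def remap_report(report, **roots):
    """Return (rewritten copy of a generic issue report, list of paths left unmapped)."""
    out, unmapped = copy.deepcopy(report), []
    for issue in out.get("issues", []):
        locations = [issue.get("primaryLocation", {})] + issue.get("secondaryLocations", [])
        for loc in locations:
            if "filePath" not in loc:
                continue
            new_path = remap_path(loc["filePath"], **roots)
            if new_path is None:
                unmapped.append(loc["filePath"])   # surface it; do not drop silently
            else:
                loc["filePath"] = new_path
    return out, unmapped

# Constructed sample report (engine, rule and messages are made up for illustration).
SAMPLE = {"issues": [
    {"engineId": "example-tool", "ruleId": "R1", "severity": "MAJOR", "type": "VULNERABILITY",
     "primaryLocation": {"message": "constructed finding",
                         "filePath": "/runner/_work/project_dir/file-a"},
     "secondaryLocations": [{"message": "related", "filePath": "/tmp/generated.c"}]},
]}

if __name__ == "__main__":
    fixed, missing = remap_report(SAMPLE)
    print(json.dumps(fixed, indent=2))
    print("unmapped:", missing)
```

A non-empty unmapped list is worth failing the CI job on, since those are the entries the scanner would report as "External issues ignored".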