External Issues ignored by sonarqube-scan-actions

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 9.9
    SonarScanner 4.7.0.2747
  • how is SonarQube deployed: zip, Docker, Helm
    Docker
  • what are you trying to achieve
    Trying to import external issues via the generic issue format. Running the scan through sonarqube-scan-actions in GitHub Actions. But my external issues are ignored by the scanner.
    DEBUG: Importing issues from 'sonar-reports/external_issue.json'
    INFO: Imported 0 issues in 0 files
    INFO: External issues ignored for 3 unknown files, including: /runner/_work/project_dir/file-a, /runner/_work/project_dir/file-b, /runner/_work/project_dir/file-c
  • what have you tried so far to achieve this
    I checked the scan log and found my /runner/_work/project_dir has been mounted to /github/workspace. I wonder if that is the reason my external issues were ignored?
    /usr/bin/docker run 
    ...
    -v
    "/runner/_work/project_dir":"/github/workspace"

How should I fix this issue?

Hi,

Analysis doesn’t recognize the file paths listed in your external issues report. For this to work, those file paths will need to match up to the paths analysis sees.

 
HTH,
Ann

Hi Ann,

Thanks for your response!

“For this to work, those file paths will need to match up to the paths analysis sees.” Does this mean I need to change those file paths to something like /github/workspace/file-a, or just use the relative file path file-a?

Also, I want to point out that file paths like /runner/_work/project_dir/file-a do indeed exist in GitHub Actions. They just somehow cannot be recognized by SonarQube (the working directory of the sonar scanner image is /github/workspace).

Hi,

The paths should probably be relative to where analysis kicks off from.

 
HTH,
Ann

Hi,

Thank you for your suggestion! I appreciate it.

If you don’t mind, I have two questions that I was hoping you could help me understand:

  1. Would you happen to know why SonarQube Analysis is not recognizing the file paths listed in my external issues report?
  2. I was under the impression that both absolute and relative paths should work for the generic issue import format https://docs.sonarqube.org/latest/analyzing-source-code/importing-external-issues/generic-issue-import-format/

I would greatly appreciate your help in clarifying these matters.

Thank you and have a wonderful day!

Hi,

Off-hand, it’s hard to know. My guess would be that the paths in the report just don’t match up to what analysis sees. The starting point would be to look at any paths in your analysis log and compare them to those in the report.

 
HTH,
Ann

Hi Ann,

I came across a post from two years ago that discussed the same issue I am currently facing. The post can be found at Sonar on Github Actions with Python Coverage "source" Issue.

When using the OSS version of sonarqube-scan-actions, the Sonar scan runs in a Docker container with the source volume mounted to a separate location. The following log is from the Docker command in the Github Action:

-v "/runner/work/repo":"/github/workspace"

As a result, Sonar Scanner is unable to recognize the /runner/work/repo path even though some of the report paths are using it. Ideally, we would like to address this issue on the OSS side. Please let me know if the SonarQube team can resolve this problem. Thanks!

Hello @zhanwang626 ,

This is a known limitation of GitHub Actions: it mounts the volume into a different directory, hence the issue.

There is a ticket to explain that limitation on our side in documentation: [SQSCANGHA-10] - Jira.

So far, if relative paths did not help you out, there is no fix for that.
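
One way to apply the relative-path suggestion from the replies before the scan step runs, as an added example that is not code from any poster or from SonarSource: it rewrites every `filePath` in a generic issue report from the runner's host path to a path relative to the checkout root, and fails loudly on paths outside that root instead of letting the scanner drop them silently. The function names, the sample report and the `example-linter` engine are constructed for illustration; the host root is the one shown in the scan log above.

```python
import copy
import json
import posixpath

# Constructed sample report; host paths are the ones from the scan log in this thread.
SAMPLE_REPORT = {"issues": [
    {"engineId": "example-linter", "ruleId": "R1", "severity": "MAJOR", "type": "CODE_SMELL",
     "primaryLocation": {"message": "constructed finding",
                         "filePath": "/runner/_work/project_dir/file-a",
                         "textRange": {"startLine": 1}},
     "secondaryLocations": [{"message": "related location",
                             "filePath": "/runner/_work/project_dir/src/../file-b"}]},
    {"engineId": "example-linter", "ruleId": "R2", "severity": "MINOR", "type": "BUG",
     "primaryLocation": {"message": "already relative", "filePath": "file-c"}},
]}


def to_relative(file_path, host_root):
    """Map an absolute host path to a path relative to host_root."""
    if not posixpath.isabs(file_path):
        return posixpath.normpath(file_path)  # already relative: only normalise
    rel = posixpath.relpath(posixpath.normpath(file_path), posixpath.normpath(host_root))
    if rel == ".." or rel.startswith("../"):
        # A path outside the checkout can never match a file the analysis sees.
        raise ValueError(f"{file_path} is outside {host_root}")
    return rel


def relativize_report(report, host_root):
    """Return (new_report, rewritten_count) without modifying the input report."""
    out = copy.deepcopy(report)
    rewritten = 0
    for issue in out.get("issues", []):
        locations = [issue["primaryLocation"]] + issue.get("secondaryLocations", [])
        for loc in locations:
            new_path = to_relative(loc["filePath"], host_root)
            rewritten += new_path != loc["filePath"]
            loc["filePath"] = new_path
    return out, rewritten


if __name__ == "__main__":
    fixed, count = relativize_report(SAMPLE_REPORT, "/runner/_work/project_dir")
    print(f"rewrote {count} path(s)")
    print(json.dumps(fixed, indent=2))
```

This assumes relative paths in the report are resolved against the directory the analysis starts from, as suggested in the thread; the last reply notes there is no other fix if that does not help.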