External issues ignored

SonarQube Server / Community Build
1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube enterprise 9.9.1, scanner 5.0.1
  • how is SonarQube deployed: zip, Docker, Helm
    Docker
  • what are you trying to achieve
    Scan the report json file and display the items from issues array
  • what have you tried so far to achieve this

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

In my project we use a external analyser which generates a report in json, I’m try to scan the report and show it in sonarqube but when I’m scanning I get error like:
“External issues ignored for 1 unknown files, including:/file/path/filename.mp”
and other report also throws similar error.
I’m running the scanner in different location just with the report.json file with me.
I use docker sonarscanner.
Although the file extension is not supported by sonar, and I don’t have the project files (I have only the report.json file with me), I need to run the scanner and extract the content from issues report json file and display it.
can anyone please help me?

2

Hi,

Welcome to the community!

This simply isn’t going to work. Analysis attaches issues to files. Without the files, there’s nowhere to attach the issues.

 
Ann

3

Ok, let say Even if I have access to the files, they are not recognized by the SonarQube, the files that I work with has different extensions and those languages/files are not recognized by sonar, but we have a external analyzer that generates the issues report json for sonarqube. can you plz suggest any work arounds?

4

Hi,

Try setting your file extensions in the Secrets “Language” in the List of file path patterns to include.

 
HTH,
Ann

5

But I use sonar 9.9 I don’t see secrets lang support in the 9.9 docs… Does it support?

6

Hi,

Ah. Secrets detection was added in 10.3.

 
Ann

7

Yeah, so can I do something else with my version?

8

Hi,

Your other option is to create a plugin to recognize and analyze your language. Upgrading would be easier. :smiley:

 
Ann

9

Any docs or guides I can refer to for the development of custom lang plugin? Also I have an analysed report of the files just need help in figuring out how to attaches issues to files…

10

Hi,

There are not. Your best bet is to look at an open-source analyzer and follow its pattern.

Really, your best bet is to upgrade.

 
Ann

11

Figured a way for attaching issues with files, but now struggling with scanning files under .dir folder,
basically scanner is ignoring the folders that begin with “.” any suggestions?

12

Hi,

Check your analysis log. Are those files ignored by your SCM? If so, analysis is likely ignoring them too.

 
Ann

13

No those files are tracked in git, it’s just scanner is ignoring them.

14

Hi,

If you want to dig into that you should create a new thread with all the details.

 
Ann

15

will do that, Thanks!!