Generic Issues - Import for none scanned files

SonarQube Server / Community Build
1

Must-share information (formatted with Markdown):

  • Tried 8.3.1 and 7.9(LTS) at the time of writing this request for help
  • Import generic issues from external scanner
  • Tried importing the sample json provided here - https://docs.sonarqube.org/latest/analysis/generic-issue/
    Ran sonar-scanner(SonarScanner 4.3.0.2102) in the project root(empty src directory) with the below contents of the sonar-project.properties

sonar.projectKey=training:external-issues
sonar.projectName=Training: External issues import
sonar.projectVersion=1.0
sonar.sources=src

sonar.externalIssuesReportPaths=issues.json
sonar.go.golint.reportPaths=reports/golint-report.txt
sonar.python.pylint.reportPath=reports/pylint-report.txt
sonar.kotlin.detekt.reportPaths=reports/detekt-report.xml
sonar.java.checkstyle.reportPaths=reports/checkstyle-report.xml

The sample JSON is stored in the root directory as issues.json.

I have not amended the default rules in SQ and of course there are no scanned files (src is empty).

I want to create issues for files not scanned by my maven build e.g external deps.

Is this possible? Do I need to create “fake” files for the issues to be associated with? Do I need to pre-create the rules for ruleId?

2

Hi,

You mention Maven, and I think the issue might be that since Maven auto-sets sonar.sources the files in your external issues report might be being omitted altogether from analysis. Does that sound right? Where are the files that are referenced in your issues.json?

&BTW, to override the auto-fed value for sonar.sources you would pass it on the command line, like so: mvn [other goals] sonar:sonar -Dsonar.sources=...

 
HTH,
Ann

3

Hi Ann,

The files don’t exist. I can create “fake files” if that’s what the scanner requires. I jsut want to create a set of issues based on the json file.

This appears to be the only way after the very strange decision to deprecate some very useful features/apis around the 5.x time.

Is there another way I can programatically create issues in SonarQube?

4

Hi,

Issues need to be attached to something. It might be possible to attach them to a directory (my testing of the generic issues format was a very long time ago now). If that doesn’t work, I guess you can attach them to an arbitrarily chosen file. What are you currently filling in for filePath?

 
Ann

5

Hi,

I used the example json exactly as it is provided. Included below for reference. I don’t want or even care that the file doesn’t exist really. I just want to create issuess from a file with the content I choose :grinning:

I would love for the create issue api to re-appear, please.

{ “issues”: [
{
“engineId”: “test”,
“ruleId”: “rule1”,
“severity”:“BLOCKER”,
“type”:“CODE_SMELL”,
“primaryLocation”: {
“message”: “fully-fleshed issue”,
“filePath”: “sources/A.java”,
“textRange”: {
“startLine”: 30,
“endLine”: 30,
“startColumn”: 9,
“endColumn”: 14
}
},
“effortMinutes”: 90,
“secondaryLocations”: [
{
“message”: “cross-file 2ndary location”,
“filePath”: “sources/B.java”,
“textRange”: {
“startLine”: 10,
“endLine”: 10,
“startColumn”: 6,
“endColumn”: 38
}
}
]
},
{
“engineId”: “test”,
“ruleId”: “rule2”,
“severity”: “INFO”,
“type”: “BUG”,
“primaryLocation”: {
“message”: “minimal issue raised at file level”,
“filePath”: “sources/Measure.java”
}
}
]}

6

Hi,

Okay, change the filePath values to files that exist in your project, and you should see issues.

 
Ann

7

Hi Ann,

I got this working thanks to your guidance! Thank you and I’ll now un-blocked for now.

The creation and manipulation e.g. adding of tags should efinately be in the API in my humble opinion.

Thanks for you help so far in this journey.

Ryan