Import Cppcheck SARIF

danmar · February 21, 2025, 6:10pm

I am the maintainer of the Cppcheck static analysis tool.

As far as I understand SonarQube supports SARIF.

Do you know if SonarQube supports the SARIF output from Cppcheck? Would you like some sample report(s) from me or anything?

Cppcheck will write a SARIF report if --output-format=sarif is specified on the command line.

Colin · February 24, 2025, 9:14am

Hey @danmar

I haven’t tried importing reports from cppcheck myself, but you should be able to try it out just by passing the report to sonar.sarifReportPaths as documented! Let us know the results!

Topic		Replies	Views
Support SARIF reports Product Manager for a Day sonarqube , external_issues	25	7352	September 4, 2024
How do you use SARIF today? Discussions sarif	2	99	August 27, 2024
Valid SARIF report won't import (parser exception) SonarQube Server / Community Build scanner , sarif	4	598	September 21, 2023
Import Sarif report - source context not matching SonarQube Server / Community Build sarif , sonarqube-cloud	9	101	December 12, 2024
Import cppcheck_report.xml to SonarQube Community SonarQube Server / Community Build cfamily	17	1493	April 13, 2023

Import Cppcheck SARIF

Related topics