Map SARIF issues to custom rules

Hello,

I want to import issues from an external tool with the SARIF format. Those issues belong to the maintainability domain and have different severities. Since the SARIF format does not provide fields for the softwareQuality and severity, I cannot provide this information in the SARIF file itself.

I already tried to create a custom rule as described in Rules with the correct quality (maintainability) and severity.
I used the same rule-id in the custom rule and in the SARIF file, but the issue was not mapped to the custom rule.

Is it somehow possible to map the issue from the SARIF file to a custom rule?

Thank you,
Andreas

Hi Andreas,

It is not. SARIF issues are imported as external issues. If you want more control, your options are to use the Generic Issue format, or write a plugin. For that you probably want to take an existing 3rd-party plugin as an example, such as the Dependency Check plugin.

 
HTH,
Ann
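
The Generic Issue format route mentioned in the answer, as an added example that is not part of the original thread or of SonarQube's code: a converter from a SARIF log to a Generic Issue report that carries the software quality and severity on each rule. The field names follow SonarQube's Generic Issue import format (`rules` with `impacts`); the level-to-severity mapping, the function name and the sample SARIF are assumptions, and file URIs are assumed to be project-relative.

```python
import json

# Assumed mapping from SARIF result levels to impact severities; adjust as needed.
LEVEL_TO_SEVERITY = {"error": "HIGH", "warning": "MEDIUM", "note": "LOW"}

SAMPLE = {"version": "2.1.0", "runs": [{  # constructed SARIF input
    "tool": {"driver": {"name": "example-linter", "rules": [
        {"id": "EX001", "shortDescription": {"text": "Function too long"}}]}},
    "results": [{
        "ruleId": "EX001", "level": "warning",
        "message": {"text": "Function has 120 lines"},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "src/app.py"},
            "region": {"startLine": 10, "startColumn": 5}}}]}]}]}

def sarif_to_generic(sarif, quality="MAINTAINABILITY"):
    """Convert a SARIF log (dict) into a Generic Issue report (dict)."""
    rules, issues = {}, []
    for run in sarif.get("runs", []):
        driver = run["tool"]["driver"]
        meta = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            if not res.get("locations"):
                continue  # an issue needs a file to attach to
            rule_id = res["ruleId"]
            severity = LEVEL_TO_SEVERITY.get(res.get("level", "warning"), "MEDIUM")
            desc = meta.get(rule_id, {}).get("shortDescription", {}).get("text", rule_id)
            # Severity lives on the rule, so the first result seen for an id sets it.
            rules.setdefault(rule_id, {
                "id": rule_id, "name": desc, "description": desc,
                "engineId": driver["name"],
                "impacts": [{"softwareQuality": quality, "severity": severity}]})
            phys = res["locations"][0]["physicalLocation"]
            location = {"message": res["message"]["text"],
                        "filePath": phys["artifactLocation"]["uri"]}
            region = phys.get("region", {})
            if "startLine" in region:
                text_range = {"startLine": region["startLine"]}
                if "startColumn" in region:
                    # SARIF columns are 1-based; the generic format counts from 0.
                    text_range["startColumn"] = region["startColumn"] - 1
                location["textRange"] = text_range
            issues.append({"ruleId": rule_id, "primaryLocation": location})
    return {"rules": list(rules.values()), "issues": issues}

if __name__ == "__main__":
    print(json.dumps(sarif_to_generic(SAMPLE), indent=2))
```

The resulting JSON file is passed to the scanner through the `sonar.externalIssuesReportPaths` analysis property.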