Publish sonarqube report from Gosec into sonarqube


I have a bunch of report from Gosec with format=sonarqube which are JSON files. I would like to import these reports to Sonarqube and I’m not finding any way to do this from the Web_API or even UI. I am using sonarqube community Edition version 8.7.1

Can someone please tell me how can I do this?

Hi @amirali7089 ,

Welcome to SonarSource Community! :sonarsource:

You import the gosec reports (in sonarqube format) during the Sonar scan with this analysis parameter:


You do not upload it with web API or with the UI. You must use it during the Sonar scan process. For more information, see Generic Issue Import Format | SonarQube Docs


Thanks @Joe this clarify the workflow. I saw that there is a binary sonar reporter that I need to use instead of using the Web API. Can I build the binary from source?

Hi @amirali7089 ,

I’m not sure what you mean by “sonar reporter”. Perhaps you mean the Sonar scanner? Please start with the Overview page that explains the Sonar scanner for analysis. Where are your Sonar scanners running? Wherever it is running, you need to add the extra analysis parameter sonar.externalIssuesReportPaths and the path to the gosec reports.

@Joe sorry I meant “Sonar Scanner CLI” I would like to build that from source if possible.

@amirali7089 : There should be no need to build Sonar Scanner CLI from source. Is there a reason why?

If you really want to, you can build the scanner from here: GitHub - SonarSource/sonar-scanner-cli: Scanner CLI for SonarQube and SonarCloud