Hi all,
I am trying to import a SARIF report from another tool into SonarQube, but the job keeps failing.
According to the logs, one of the required attributes is missing, but as far as I can see, everything is present.
For testing purposes, I am now trying to import the SARIF example report from the documentation (Importing issues from SARIF reports), but I get the same error:
12:02:20.113 DEBUG: 'Import external issues report from SARIF file.' skipped because one of the required properties is missing
This is the GitLab CI job running the Sonar Scan. The report is added at the bottom of the script.
variables:
  SONAR_SCANNER_IMAGE: $DOCKERHUB_CONTAINER_REGISTRY/sonarsource/sonar-scanner-cli:5.0.1
  SONAR_URL: sonarsrc.our-domain.com/
  SONAR_SOURCE_PATH: .

sonar-qube:
  stage: test
  variables:
    SONAR_CACHE_DIR: .sonar/cache
  image: $SONAR_SCANNER_IMAGE
  script:
    - >-
      sonar-scanner
      -X
      -Dsonar.token="$SONAR_TOKEN"
      -Dsonar.host.url="https://${SONAR_URL}"
      -Dsonar.projectBaseDir="$SONAR_SOURCE_PATH"
      -Dsonar.projectKey="$SONAR_PROJECT_KEY"
      -Dsonar.projectName="$SONAR_PROJECT_NAME"
      -Dsonar.qualitygate.wait="false"
      -Dsonar.scm.exclusions.disabled="false"
      -Dsonar.scm.disabled="true"
      -Dsonar.qualitygate.timeout=300
      -Dsonar.java.binaries="${SONAR_SOURCE_PATH}/target/classes"
      -Dsonar.branch.name="$CI_COMMIT_REF_NAME"
      -Dsonar.verbose="true"
      -Dsonar.sourceEncoding="UTF-8"
      -Dsonar.log.level="INFO"
      -Dsonar.sonar.sarifReportPaths="$SARIF_EXAMPLE_FILE"
  rules:
    - if: '$WORKFLOW_INCLUDE_SONARQUBE == "true"'
      when: on_success
    - if: '$WORKFLOW_TEST_MODE == "full"'
      when: never
    - if: '$WORKFLOW_SKIP_SONAR_QUBE == "true"'
      when: never
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - $SONAR_CACHE_DIR
I don’t know which additional information you might need to help me here, just let me know and I will add it. Unfortunately, the logs do not seem to show anything else related to the failed SARIF import other than the single line included at the top.