Hello,
I’m using the Azure Pipelines to generate SARIF logs coming from three different tools : checkov, gitleaks and trivy. CodeAnalysisLogs.zip (4.4 KB)
Then, I import them using the sonar.sarifReportPaths
property :
import_sarif_test.log (231.8 KB) ← please note this is a test run, where I import a single SARIF report, for debugging purposes.
When I look at my project in the SonarQube instance (running SonarQube Enterprise 10.0.68432), I can’t locate where in my source file the issue happened : the section “Where is the issue” only shows the project and not the file contents :
Can you reproduce this behaviour ? I don’t have it for other external tools report import, like ESLint.
Precision : I tried changing the runs[].results[].locations[].physicalLocation.artifactLocation.uri
property to add absolute paths instead of paths relative to the project root, to no avail.
Thanks,
BR