Sending SARIF Files via Python Script Without Using SonarQube Scanner

Must-share information:

  • SonarQube Version: Community Edition 9.9.8-community
  • Deployment method: Docker
  • What I’m trying to achieve: Import external issues from a SARIF file using a Python script instead of the SonarQube scanner CLI, specifically for Java projects where we’re using an alternative scanning tool.

Problem description:

We have Java projects where we’re using a different tool to scan rather than the standard SonarQube Scanner. This tool produces SARIF reports with important issues. However, we don’t want to run the SonarQube Scanner CLI since it would trigger Java compilation that we’ve already done with our other tool.

We’re looking for a way to submit these external issues (in SARIF format) directly via a Python script, bypassing the need to run the SonarQube scanner.

What I’ve tried:

I’ve found documentation on importing SARIF files using the sonar.externalIssuesReportPaths parameter with the scanner, but this still requires running the scanner. I’ve explored the SonarQube API documentation but haven’t found a direct method to submit SARIF files without the scanner.

Specific question:

Is there a way to submit SARIF files containing external issues directly through the SonarQube API using Python, without having to run the SonarQube Scanner CLI?

The goal is to integrate our existing scan results into SonarQube without triggering another full scan of our Java codebase.

Hey there.

No, you cannot enrich the analysis results with more data after the fact. It all must be submitted at once.

⚠️ Only the latest version of SonarQube Community Build is considered active.

Your upgrade path is:

9.9.8 → 24.12 → 25.5

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.