Submitting data to SonarQube from an external linter


(RM) #1

Hello,

I have a linting engine written in Node.JS which produces a report , it’s too much functionality to be rewritten as a sonar plugin.

I was wondering if there is a way i can feed the linter’s output data to SonarQube for its storage and dashboard displays.

I can modify the output of my linter to meet the data format expectations of SonarQube

How would i go about writing such a utility?

Any pointers to get started will be much appreciated


(Duarte Meneses) #2

Hi,
The easiest way, which doesn’t involve writing a plugin for SonarQube, is to import “external issues” in SonarQube.
Here is some documentation about it: https://docs.sonarqube.org/7.4/analysis/generic-issue/
Note that this strategy has some limitations, has described in the docs. It’s easy to try - you just need to modify the data to a json file.


(RM) #3

@dmeneses Thank you for the quick response.

I could live with the limitations of this import. But i don’t see any documentation for the actual import process or did i miss that ? is there an API which accepts the data format specified? If i run the linter for multiple projects, multiple times a day i really don’t want to perform the import manually or edit the list of reports for the analysis parameter each time.

Also, i am not hesitant of writing a Sonar Plugin, i just don’t want to rewrite each linting rule again. That being said, is there a way to write some kind of sonar plugin which could just expect an issue set instead of executing the rules within sonar, any pointers to related documentation or open source efforts would be very appreciated


(Colin Mueller) #4

Greetings,

You should feel free to pass your report to the sonar.externalIssuesReportPaths analysis parameter when performing a scan of your code. That’s how the data gets imported. :slight_smile:

A scan is ultimately required to import issue data into SonarQube.


(Duarte Meneses) #5

As @ColinHMueller mentioned, you just need to:

  • Export date to a json file, following the format given as an example in the documentation;
  • Run a SonarQube analysis of the source code, pointing to the report with sonar.externalIssuesReportPaths.

The rules in the SonarQube platform will be created automatically, if needed, based on the external issues that are imported.


(RM) #6

@ColinHMueller, @dmeneses

Thanks a lot, wow you are guys are awesome and fast.

Let me try this out.

BTW, for my curiosity, are there any other options for integration when i use an external linter , i am willing to pursue that road if it gives me a deeper integration with SonarQube.


(Duarte Meneses) #7

The only other option is to write a new analyzer for SonarQube. The analyzer would need to interact with the Sonar API to declare rules and create issues found with those rules.

It could be interesting if you were supporting a new language that is not supported by one of the SonarSource’s analyzers, since you could not only create issues but also highlight code and create symbols for that language, create measures, etc. If your goal is only to import issues, it’s probably overkill.