Support SARIF reports

It would be great if sonar could import sarif reports, then reports generated from could be imported and displayed in sonar.


Thanks for the suggestion.

Do you know that SonarQube provides a generic way to load issues through its Generic Issue Import Format?
Maybe one thing to try before thinking about a native support of the SARIF format would be to try to convert the SARIF format into the Generic Issue Import Format.


SARIF is generated by the tool - I don’t want to spend time on special sonar adoption - in that case it would be better to just go with github’s offering in the security space instead. Also is standard - while the “generic format” is special for sonar.