Dear All,
I am trying to import Fortify produced external issues to SonarQube.
I am using the following items for this:
Fortify SSC 20.2 (it is integrated with Azure DevOps 2019)
Fortify Vulnerability Exporter 1.1.0
Azure DevOps 2019 On-Prem
SonarScanner for Azure DevOps 4.18
SonarQube Community Edition 8.3.1 (it is integrated with Azure DevOps 2019).
Windows 2016 Server for Fortify SSC
Windows 2016 Server for SonarQube Community Edition
.NET Web Project (4.6+)
1. I am doing a Fortify scan with Azure DevOps and Fortify SSC integration.
2. The scan result (FPR file) is uploaded to Fortify SSC automatically.
3. I am getting an export from Fortify SSC through Fortify Vulnerability Exporter (with Generic Issue Import Format).
4. I am trying to import the Generic Issue Import Format file (JSON file) into SonarQube through SonarScanner for Azure DevOps. I added 3 additional parameters on SonarScanner for Azure DevOps:
   sonar.externalIssuesReportPaths=E:\Fortify\FortifyVulnerabilityExporter\sq-fortify-sast.json
   sonar.cs.roslyn.ignoreIssues=true (I tried without this also but there was no change)
   sonar.verbose=true
5. I am encountering 2 problems:
5.1. There are no issues imported (External issues ignored for 441 unknown files, including…)
2021-03-16T10:22:10.2220504Z 13:22:10.210 DEBUG: Importing issues from 'E:\Fortify\FortifyVulnerabilityExporter\sq-fortify-sast.json'
2021-03-16T10:22:10.2654950Z 13:22:10.257 INFO: Imported 0 issues in 0 files
2021-03-16T10:22:10.2670160Z 13:22:10.257 INFO: External issues ignored for 441 unknown files, including: Agents/vbc/a0/_work/1/s/Source/………
5.2. I noticed that it seems to be a path problem (Agents/vbc/a0/_work/1/s/Source/………) and replaced the path with the full path (E:/Agents/vbc/a0/_work/1/s/Source/………) in the external issues JSON file.
5.3. After that change, the problem also changed. It seems to work at the beginning, but then it gets an error and the task fails.
Error_Log.txt (17.3 KB)
Do you have any comments on this?
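
A pre-import check for the "unknown files" message above, as an added example that is not part of the original post: it reads a report in the Generic Issue Import Format and sorts each primaryLocation.filePath by whether it names an existing file under the directory being analysed. The base directory, the sample source tree and the sample report are constructed, and the check assumes relative paths are resolved against that base directory; a file that exists on disk can still be left out of the scanner's index by project settings.

```python
import json
import tempfile
from pathlib import Path


def classify_report_paths(report: dict, base_dir: Path) -> dict:
    """Sort each distinct primaryLocation.filePath into resolved / missing /
    outside_base, resolving relative paths against base_dir (assumption)."""
    base = base_dir.resolve()
    result = {"resolved": [], "missing": [], "outside_base": []}
    seen = set()
    for issue in report.get("issues", []):
        raw = issue.get("primaryLocation", {}).get("filePath")
        if not raw or raw in seen:
            continue
        seen.add(raw)
        candidate = Path(raw)
        full = (candidate if candidate.is_absolute() else base / candidate).resolve()
        if full != base and base not in full.parents:
            result["outside_base"].append(raw)   # points outside the analysed tree
        elif full.is_file():
            result["resolved"].append(raw)       # exists where the scanner would look
        else:
            result["missing"].append(raw)        # e.g. agent-prefixed relative path
    return result


def make_issue(path: str) -> dict:
    # Constructed issue; engineId and ruleId are placeholder values.
    return {"engineId": "fortify", "ruleId": "SAMPLE-RULE", "severity": "MAJOR",
            "type": "VULNERABILITY",
            "primaryLocation": {"message": "constructed sample", "filePath": path}}


def demo() -> dict:
    # Constructed source tree standing in for the agent's "s" checkout folder.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "s"
        (base / "Source" / "Web").mkdir(parents=True)
        (base / "Source" / "Web" / "Login.cs").write_text("// sample\n")
        report = {"issues": [
            make_issue("Source/Web/Login.cs"),
            make_issue("Agents/demo/_work/1/s/Source/Web/Login.cs"),
            make_issue(str(Path(tmp) / "other" / "A.cs")),
        ]}
        return classify_report_paths(report, base)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```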