Trouble importing SARIF reports

Hello,

Happy to be able to import SARIF reports into SonarQube! This is a great addition.

Technical context:

  • SQ Enterprise Version 9.8 (build 63668)

  • Azure pipelines running on an Ubuntu-20.02 VMSS (Virtual Machine Scale Set), with the System.Debug variable set to true to increase verbosity

  • Sample project containing just one or two python files to perform tests

The thing is that I can’t seem to debug what goes wrong in my SARIF file ingestion; I only have a stack trace in my pipeline execution:

Gitleaks import

ADOS run for gitleaks

2022-12-22T15:41:44.0668699Z ##[debug]SONARQUBE_SCANNER_PARAMS={"sonar.host.url":"https://sonarqube.app.corp/","sonar.login":***,"sonar.projectKey":"faurecia-cloud---sandbox---sandbox","sonar.projectName":"Sandbox - Sandbox","sonar.projectVersion":"c01ae1e44d08f645de847964d2cfcc2054316c05","sonar.sources":"/agent/_work/1/s","sonar.pullrequest.key":"35573","sonar.pullrequest.base":"develop","sonar.pullrequest.branch":"features/sonarqube-sarif","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://dev.azure.com/faurecia-cloud/","sonar.pullrequest.vsts.project":"Sandbox","sonar.pullrequest.vsts.repository":"Sandbox","sonar.scanner.metadataFilePath":"/agent/_work/_temp/sonar/20221222.2/87d50c3d-e6f0-2168-9cbf-3ea4f03a9ed5/report-task.txt","sonar.exclusions":"**/*.bin,Web/wwwroot/lib/**/*","sonar.projectBaseDir":"/agent/_work/1/s","sonar.links.homepage":"https:/dev.azure.com/faurecia-cloud/Sandbox","sonar.links.scm":"https:/dev.azure.com/faurecia-cloud/Sandbox/_git/Sandbox","sonar.externalIssuesReportPaths":"/agent/_work/1/s/gitleaks.sarif"}

2022-12-22T15:41:44.0672475Z ##[debug]SONARQUBE_ENDPOINT=***

2022-12-22T15:41:44.0674954Z ##[debug]set SONARQUBE_SCANNER_PARAMS={"sonar.host.url":"https://sonarqube.app.corp/","sonar.login":***,"sonar.projectKey":"faurecia-cloud---sandbox---sandbox","sonar.projectName":"Sandbox - Sandbox","sonar.projectVersion":"c01ae1e44d08f645de847964d2cfcc2054316c05","sonar.sources":"/agent/_work/1/s","sonar.pullrequest.key":"35573","sonar.pullrequest.base":"develop","sonar.pullrequest.branch":"features/sonarqube-sarif","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://dev.azure.com/faurecia-cloud/","sonar.pullrequest.vsts.project":"Sandbox","sonar.pullrequest.vsts.repository":"Sandbox","sonar.scanner.metadataFilePath":"/agent/_work/_temp/sonar/20221222.2/87d50c3d-e6f0-2168-9cbf-3ea4f03a9ed5/report-task.txt","sonar.exclusions":"**/*.bin,Web/wwwroot/lib/**/*","sonar.projectBaseDir":"/agent/_work/1/s","sonar.links.homepage":"https:/dev.azure.com/faurecia-cloud/Sandbox","sonar.links.scm":"https:/dev.azure.com/faurecia-cloud/Sandbox/_git/Sandbox","sonar.externalIssuesReportPaths":"/agent/_work/1/s/gitleaks.sarif"}

2022-12-22T15:41:44.0681923Z ##[debug]Processed: ##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS;isOutput=false;issecret=false;]{"sonar.host.url":"https://sonarqube.app.corp/","sonar.login":***,"sonar.projectKey":"faurecia-cloud---sandbox---sandbox","sonar.projectName":"Sandbox - Sandbox","sonar.projectVersion":"c01ae1e44d08f645de847964d2cfcc2054316c05","sonar.sources":"/agent/_work/1/s","sonar.pullrequest.key":"35573","sonar.pullrequest.base":"develop","sonar.pullrequest.branch":"features/sonarqube-sarif","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://dev.azure.com/faurecia-cloud/","sonar.pullrequest.vsts.project":"Sandbox","sonar.pullrequest.vsts.repository":"Sandbox","sonar.scanner.metadataFilePath":"/agent/_work/_temp/sonar/20221222.2/87d50c3d-e6f0-2168-9cbf-3ea4f03a9ed5/report-task.txt","sonar.exclusions":"**/*.bin,Web/wwwroot/lib/**/*","sonar.projectBaseDir":"/agent/_work/1/s","sonar.links.homepage":"https:/dev.azure.com/faurecia-cloud/Sandbox","sonar.links.scm":"https:/dev.azure.com/faurecia-cloud/Sandbox/_git/Sandbox","sonar.externalIssuesReportPaths":"/agent/_work/1/s/gitleaks.sarif"}

2022-12-22T15:41:44.0684713Z ##[debug]Absolute path for pathSegments: /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0,sonar-scanner,bin,sonar-scanner = /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner

2022-12-22T15:41:44.0696893Z ##[debug]which '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T15:41:44.0701941Z ##[debug]found: '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T15:41:44.0703489Z ##[debug]system.debug=true

2022-12-22T15:41:44.0704985Z ##[debug]/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner arg: -X

2022-12-22T15:41:44.0707278Z ##[debug]exec tool: /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner

2022-12-22T15:41:44.0708289Z ##[debug]arguments:

2022-12-22T15:41:44.0709229Z ##[debug] -X

2022-12-22T15:41:44.0710169Z [command]/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner -X

2022-12-22T15:41:44.2717005Z 15:41:44.269 INFO: Scanner configuration file: /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/conf/sonar-scanner.properties

2022-12-22T15:41:44.2718763Z 15:41:44.271 INFO: Project root configuration file: NONE

2022-12-22T15:41:44.2989823Z 15:41:44.298 INFO: SonarScanner 4.7.0.2747

2022-12-22T15:41:44.2990848Z 15:41:44.298 INFO: Java 11.0.16.1 Eclipse Adoptium (64-bit)

2022-12-22T15:41:44.2991732Z 15:41:44.298 INFO: Linux 5.15.0-1020-azure amd64

[...]

2022-12-22T15:41:58.4886077Z 15:41:58.488 DEBUG: Importing issues from '/agent/_work/1/s/gitleaks.sarif'

2022-12-22T15:41:58.5008659Z 15:41:58.500 INFO: ------------------------------------------------------------------------

2022-12-22T15:41:58.5010540Z 15:41:58.500 INFO: EXECUTION FAILURE

2022-12-22T15:41:58.5011773Z 15:41:58.500 INFO: ------------------------------------------------------------------------

2022-12-22T15:41:58.5012495Z 15:41:58.500 INFO: Total time: 14.262s

2022-12-22T15:41:58.5619717Z 15:41:58.559 INFO: Final Memory: 33M/117M

2022-12-22T15:41:58.5621578Z 15:41:58.559 INFO: ------------------------------------------------------------------------

2022-12-22T15:41:58.5652448Z ##[error]15:41:58.559 ERROR: Error during SonarScanner execution

java.lang.NullPointerException

2022-12-22T15:41:58.5661163Z ##[debug]Processed: ##vso[task.logissue type=error;]15:41:58.559 ERROR: Error during SonarScanner execution%0Ajava.lang.NullPointerException

2022-12-22T15:41:58.5662412Z 15:41:58.559 ERROR: Error during SonarScanner execution

2022-12-22T15:41:58.5662979Z java.lang.NullPointerException

2022-12-22T15:41:58.5675432Z ##[error]at org.sonar.scanner.externalissue.ReportParser.validate(ReportParser.java:52)

at org.sonar.scanner.externalissue.ReportParser.parse(ReportParser.java:43)

at org.sonar.scanner.externalissue.ExternalIssuesImportSensor.execute(ExternalIssuesImportSensor.java:72)

at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)

at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)

at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:401)

at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:397)

at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:366)

at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:135)

at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)

at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)

at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)

at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.base/java.lang.reflect.Method.invoke(Method.java:566)

at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)

at com.sun.proxy.$Proxy0.execute(Unknown Source)

at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)

at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)

at org.sonarsource.scanner.cli.Main.execute(Main.java:112)

at org.sonarsource.scanner.cli.Main.execute(Main.java:75)

at org.sonarsource.scanner.cli.Main.main(Main.java:61)


2022-12-22T15:41:58.5694659Z at org.sonar.scanner.externalissue.ReportParser.validate(ReportParser.java:52)

2022-12-22T15:41:58.5695316Z at org.sonar.scanner.externalissue.ReportParser.parse(ReportParser.java:43)

2022-12-22T15:41:58.5695983Z at org.sonar.scanner.externalissue.ExternalIssuesImportSensor.execute(ExternalIssuesImportSensor.java:72)

2022-12-22T15:41:58.5696682Z at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)

2022-12-22T15:41:58.5697334Z at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)

2022-12-22T15:41:58.5698006Z at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)

2022-12-22T15:41:58.5698655Z at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)

2022-12-22T15:41:58.5699325Z at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)

2022-12-22T15:41:58.5699995Z at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)

2022-12-22T15:41:58.5700711Z at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

2022-12-22T15:41:58.5701401Z at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

2022-12-22T15:41:58.5702087Z at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:401)

2022-12-22T15:41:58.5702774Z at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:397)

2022-12-22T15:41:58.5703480Z at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:366)

2022-12-22T15:41:58.5704352Z at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

2022-12-22T15:41:58.5705069Z at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

2022-12-22T15:41:58.5705758Z at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:135)

2022-12-22T15:41:58.5706475Z at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

2022-12-22T15:41:58.5707166Z at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

2022-12-22T15:41:58.5707795Z at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)

2022-12-22T15:41:58.5708352Z at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)

2022-12-22T15:41:58.5708980Z at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)

2022-12-22T15:41:58.5709626Z at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

2022-12-22T15:41:58.5710381Z at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

2022-12-22T15:41:58.5711075Z at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

2022-12-22T15:41:58.5711730Z at java.base/java.lang.reflect.Method.invoke(Method.java:566)

2022-12-22T15:41:58.5712359Z at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)

2022-12-22T15:41:58.5712939Z at com.sun.proxy.$Proxy0.execute(Unknown Source)

2022-12-22T15:41:58.5713499Z at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)

2022-12-22T15:41:58.5714170Z at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)

2022-12-22T15:41:58.5714751Z at org.sonarsource.scanner.cli.Main.execute(Main.java:112)

2022-12-22T15:41:58.5715288Z at org.sonarsource.scanner.cli.Main.execute(Main.java:75)

2022-12-22T15:41:58.5715830Z at org.sonarsource.scanner.cli.Main.main(Main.java:61)

2022-12-22T15:41:58.8923372Z ##[debug]Exit code 1 received from tool '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T15:41:58.8926639Z ##[debug]STDIO streams have closed for tool '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T15:41:58.8954253Z ##[debug]task result: Failed

2022-12-22T15:41:58.8956504Z ##[error]The process '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner' failed with exit code 1

2022-12-22T15:41:58.8958324Z ##[debug]Processed: ##vso[task.issue type=error;]The process '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner' failed with exit code 1

2022-12-22T15:41:58.8961804Z ##[debug]Processed: ##vso[task.complete result=Failed;]The process '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner' failed with exit code 1

Having a look at the “Importing issues from SARIF reports” doc, it lists some sections that are mandatory in the SARIF file:

Mandatory fields for SonarQube

  • version - must be “2.1.0”

$ cat gitleaks.sarif | yq '.version'

2.1.0

  • runs[].tool.driver.name - name of the tool that created the report

$ cat gitleaks.sarif | yq '.runs[].tool.driver.name'

gitleaks

  • runs[].results[].message.text - message of the external issue

$ cat gitleaks.sarif | yq '.runs[].results[].message.text'

sendgrid-api-token has detected secret for file files/python/configure.py.

CSCAN0092 / CSCAN0043 has detected secret for file files/python/configure.py.

  • sarifLog.runs[].result[].ruleId - ID of the corresponding rule in the tool that created the report

$ cat gitleaks.sarif | yq '.sarifLog.runs[].result[].ruleId'

# This one confused me. I don't have anything in this section. But :

$ cat gitleaks.sarif | yq '.runs[].results[].ruleId'

sendgrid-api-token

CSCAN0092 / CSCAN0043

Optional fields

  • runs[].results[].locations[]

cat gitleaks.sarif | yq '.runs[].results[].locations[]'

{"physicalLocation": {"artifactLocation": {"uri": "files/python/configure.py"}, "region": {"startLine": 56, "startColumn": 18, "endLine": 56, "endColumn": 87, "snippet": {"text": "REDACTED"}}}}

{"physicalLocation": {"artifactLocation": {"uri": "files/python/configure.py"}, "region": {"startLine": 57, "startColumn": 74, "endLine": 57, "endColumn": 110, "snippet": {"text": "REDACTED"}}}}

  • sarifLog.runs[].result[].level

cat gitleaks.sarif | yq '.sarifLog.runs[].result[].level'

# This one is not found in my SARIF file, but:

cat gitleaks.sarif | yq '.runs[].results[].level'

null

null

Trivy import

ADOS run for trivy

2022-12-22T16:01:52.1230478Z ##[debug]SONARQUBE_SCANNER_PARAMS={"sonar.host.url":"https://sonarqube.app.corp/","sonar.login":***,"sonar.projectKey":"faurecia-cloud---sandbox---sandbox","sonar.projectName":"Sandbox - Sandbox","sonar.projectVersion":"174887a0dca11fd3407fe247563921777b6546ce","sonar.sources":"/agent/_work/1/s","sonar.pullrequest.key":"35573","sonar.pullrequest.base":"develop","sonar.pullrequest.branch":"features/sonarqube-sarif","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://dev.azure.com/faurecia-cloud/","sonar.pullrequest.vsts.project":"Sandbox","sonar.pullrequest.vsts.repository":"Sandbox","sonar.scanner.metadataFilePath":"/agent/_work/_temp/sonar/20221222.4/2b994488-b660-c085-463a-a865557d63f3/report-task.txt","sonar.exclusions":"**/*.bin,Web/wwwroot/lib/**/*","sonar.projectBaseDir":"/agent/_work/1/s","sonar.links.homepage":"https:/dev.azure.com/faurecia-cloud/Sandbox","sonar.links.scm":"https:/dev.azure.com/faurecia-cloud/Sandbox/_git/Sandbox","sonar.externalIssuesReportPaths":"/agent/_work/1/s/trivy.sarif"}

2022-12-22T16:01:52.1235265Z ##[debug]SONARQUBE_ENDPOINT=***

2022-12-22T16:01:52.1239768Z ##[debug]set SONARQUBE_SCANNER_PARAMS={"sonar.host.url":"https://sonarqube.app.corp/","sonar.login":***,"sonar.projectKey":"faurecia-cloud---sandbox---sandbox","sonar.projectName":"Sandbox - Sandbox","sonar.projectVersion":"174887a0dca11fd3407fe247563921777b6546ce","sonar.sources":"/agent/_work/1/s","sonar.pullrequest.key":"35573","sonar.pullrequest.base":"develop","sonar.pullrequest.branch":"features/sonarqube-sarif","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://dev.azure.com/faurecia-cloud/","sonar.pullrequest.vsts.project":"Sandbox","sonar.pullrequest.vsts.repository":"Sandbox","sonar.scanner.metadataFilePath":"/agent/_work/_temp/sonar/20221222.4/2b994488-b660-c085-463a-a865557d63f3/report-task.txt","sonar.exclusions":"**/*.bin,Web/wwwroot/lib/**/*","sonar.projectBaseDir":"/agent/_work/1/s","sonar.links.homepage":"https:/dev.azure.com/faurecia-cloud/Sandbox","sonar.links.scm":"https:/dev.azure.com/faurecia-cloud/Sandbox/_git/Sandbox","sonar.externalIssuesReportPaths":"/agent/_work/1/s/trivy.sarif"}

2022-12-22T16:01:52.1249595Z ##[debug]Processed: ##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS;isOutput=false;issecret=false;]{"sonar.host.url":"https://sonarqube.app.corp/","sonar.login":***,"sonar.projectKey":"faurecia-cloud---sandbox---sandbox","sonar.projectName":"Sandbox - Sandbox","sonar.projectVersion":"174887a0dca11fd3407fe247563921777b6546ce","sonar.sources":"/agent/_work/1/s","sonar.pullrequest.key":"35573","sonar.pullrequest.base":"develop","sonar.pullrequest.branch":"features/sonarqube-sarif","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://dev.azure.com/faurecia-cloud/","sonar.pullrequest.vsts.project":"Sandbox","sonar.pullrequest.vsts.repository":"Sandbox","sonar.scanner.metadataFilePath":"/agent/_work/_temp/sonar/20221222.4/2b994488-b660-c085-463a-a865557d63f3/report-task.txt","sonar.exclusions":"**/*.bin,Web/wwwroot/lib/**/*","sonar.projectBaseDir":"/agent/_work/1/s","sonar.links.homepage":"https:/dev.azure.com/faurecia-cloud/Sandbox","sonar.links.scm":"https:/dev.azure.com/faurecia-cloud/Sandbox/_git/Sandbox","sonar.externalIssuesReportPaths":"/agent/_work/1/s/trivy.sarif"}

2022-12-22T16:01:52.1254080Z ##[debug]Absolute path for pathSegments: /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0,sonar-scanner,bin,sonar-scanner = /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner

2022-12-22T16:01:52.1270579Z ##[debug]which '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T16:01:52.1275660Z ##[debug]found: '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T16:01:52.1277270Z ##[debug]system.debug=true

2022-12-22T16:01:52.1278970Z ##[debug]/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner arg: -X

2022-12-22T16:01:52.1280965Z ##[debug]exec tool: /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner

2022-12-22T16:01:52.1282501Z ##[debug]arguments:

2022-12-22T16:01:52.1283813Z ##[debug] -X

2022-12-22T16:01:52.1285180Z [command]/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner -X

2022-12-22T16:01:53.6371799Z 16:01:53.634 INFO: Scanner configuration file: /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/conf/sonar-scanner.properties

2022-12-22T16:01:53.6373840Z 16:01:53.636 INFO: Project root configuration file: NONE

2022-12-22T16:01:53.8122968Z 16:01:53.811 INFO: SonarScanner 4.7.0.2747

2022-12-22T16:01:53.8124820Z 16:01:53.812 INFO: Java 11.0.16.1 Eclipse Adoptium (64-bit)

2022-12-22T16:01:53.8125834Z 16:01:53.812 INFO: Linux 5.15.0-1020-azure amd64

[...]

2022-12-22T16:02:10.2175727Z 16:02:10.217 DEBUG: Importing issues from '/agent/_work/1/s/trivy.sarif'

2022-12-22T16:02:10.2309617Z 16:02:10.230 INFO: ------------------------------------------------------------------------

2022-12-22T16:02:10.2311653Z 16:02:10.230 INFO: EXECUTION FAILURE

2022-12-22T16:02:10.2312872Z 16:02:10.230 INFO: ------------------------------------------------------------------------

2022-12-22T16:02:10.2314179Z 16:02:10.230 INFO: Total time: 16.713s

2022-12-22T16:02:10.3131020Z 16:02:10.311 INFO: Final Memory: 33M/117M

2022-12-22T16:02:10.3133574Z 16:02:10.311 INFO: ------------------------------------------------------------------------

2022-12-22T16:02:10.3181881Z ##[error]16:02:10.311 ERROR: Error during SonarScanner execution

java.lang.NullPointerException

at org.sonar.scanner.externalissue.ReportParser.validate(ReportParser.java:52)

at org.sonar.scanner.externalissue.ReportParser.parse(ReportParser.java:43)

at org.sonar.scanner.externalissue.ExternalIssuesImportSensor.execute(ExternalIssuesImportSensor.java:72)

at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)

at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)

at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:401)

at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:397)

at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:366)

at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:135)

at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)

at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)

at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)

at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.base/java.lang.reflect.Method.invoke(Method.java:566)

at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)

at com.sun.proxy.$Proxy0.execute(Unknown Source)

at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)

at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)

at org.sonarsource.scanner.cli.Main.execute(Main.java:112)

at org.sonarsource.scanner.cli.Main.execute(Main.java:75)

at org.sonarsource.scanner.cli.Main.main(Main.java:61)


2022-12-22T16:02:10.3209987Z 16:02:10.311 ERROR: Error during SonarScanner execution

2022-12-22T16:02:10.3210328Z java.lang.NullPointerException

2022-12-22T16:02:10.3210770Z at org.sonar.scanner.externalissue.ReportParser.validate(ReportParser.java:52)

2022-12-22T16:02:10.3211310Z at org.sonar.scanner.externalissue.ReportParser.parse(ReportParser.java:43)

2022-12-22T16:02:10.3211891Z at org.sonar.scanner.externalissue.ExternalIssuesImportSensor.execute(ExternalIssuesImportSensor.java:72)

2022-12-22T16:02:10.3212497Z at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)

2022-12-22T16:02:10.3213088Z at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)

2022-12-22T16:02:10.3213676Z at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)

2022-12-22T16:02:10.3214299Z at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)

2022-12-22T16:02:10.3214921Z at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)

2022-12-22T16:02:10.3215518Z at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)

2022-12-22T16:02:10.3216143Z at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

2022-12-22T16:02:10.3216753Z at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

2022-12-22T16:02:10.3217342Z at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:401)

2022-12-22T16:02:10.3217914Z at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:397)

2022-12-22T16:02:10.3218542Z at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:366)

2022-12-22T16:02:10.3219161Z at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

2022-12-22T16:02:10.3219782Z at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

2022-12-22T16:02:10.3220399Z at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:135)

2022-12-22T16:02:10.3221018Z at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

2022-12-22T16:02:10.3221627Z at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

2022-12-22T16:02:10.3222157Z at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)

2022-12-22T16:02:10.3222625Z at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)

2022-12-22T16:02:10.3223179Z at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)

2022-12-22T16:02:10.3223749Z at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

2022-12-22T16:02:10.3224296Z at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

2022-12-22T16:02:10.3224936Z at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

2022-12-22T16:02:10.3225499Z at java.base/java.lang.reflect.Method.invoke(Method.java:566)

2022-12-22T16:02:10.3226030Z at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)

2022-12-22T16:02:10.3226523Z at com.sun.proxy.$Proxy0.execute(Unknown Source)

2022-12-22T16:02:10.3226993Z at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)

2022-12-22T16:02:10.3227536Z at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)

2022-12-22T16:02:10.3228048Z at org.sonarsource.scanner.cli.Main.execute(Main.java:112)

2022-12-22T16:02:10.3228500Z at org.sonarsource.scanner.cli.Main.execute(Main.java:75)

2022-12-22T16:02:10.3228947Z at org.sonarsource.scanner.cli.Main.main(Main.java:61)

2022-12-22T16:02:10.6453417Z ##[debug]Exit code 1 received from tool '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T16:02:10.6458445Z ##[debug]STDIO streams have closed for tool '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T16:02:10.6488621Z ##[debug]task result: Failed

2022-12-22T16:02:10.6490964Z ##[error]The process '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner' failed with exit code 1

2022-12-22T16:02:10.6492465Z ##[debug]Processed: ##vso[task.issue type=error;]The process '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner' failed with exit code 1

2022-12-22T16:02:10.6495533Z ##[debug]Processed: ##vso[task.complete result=Failed;]The process '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner' failed with exit code 1

Mandatory fields for SonarQube

  • version - must be “2.1.0”

$ cat trivy.sarif | yq '.version'

2.1.0

  • runs[].tool.driver.name - name of the tool that created the report

$ cat trivy.sarif | yq '.runs[].tool.driver.name'

Trivy

  • runs[].results[].message.text - message of the external issue

$ cat gitleaks.sarif | yq '.runs[].results[].message.text'

Artifact: files/python/configure.py

Type:

Secret SendGrid API token

Severity: MEDIUM

Match: SG_TOKEN = "*********************************************************************"

  • sarifLog.runs[].result[].ruleId - ID of the corresponding rule in the tool that created the report

$ cat trivy.sarif | yq '.runs[].results[].ruleId'

sendgrid-api-token

Optional fields

  • runs[].results[].locations[]

$ cat trivy.sarif | yq '.runs[].results[].locations[]'

{"physicalLocation": {"artifactLocation": {"uri": "files/python/configure.py", "uriBaseId": "ROOTPATH"}, "region": {"startLine": 56, "startColumn": 1, "endLine": 56, "endColumn": 1}}, "message": {"text": "files/python/configure.py"}}

  • sarifLog.runs[].result[].level

$ cat trivy.sarif | yq '.sarifLog.runs[].result[].level'

# This one is not found in my SARIF file, but:

$ cat trivy.sarif | yq '.runs[].results[].level'

warning

Would you happen to have an idea about this ?

(I’ll try to add details for a checkov file execution in the future)

Checkov import

ADOS run for checkov

2022-12-22T16:32:41.7863558Z ##[debug]SONARQUBE_SCANNER_PARAMS={"sonar.host.url":"https://sonarqube.app.corp/","sonar.login":***,"sonar.projectKey":"faurecia-cloud---sandbox---sandbox","sonar.projectName":"Sandbox - Sandbox","sonar.projectVersion":"980bad998a33c34afb3c26727f3331d3ce8c463e","sonar.sources":"/agent/_work/1/s","sonar.pullrequest.key":"35573","sonar.pullrequest.base":"develop","sonar.pullrequest.branch":"features/sonarqube-sarif","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://dev.azure.com/faurecia-cloud/","sonar.pullrequest.vsts.project":"Sandbox","sonar.pullrequest.vsts.repository":"Sandbox","sonar.scanner.metadataFilePath":"/agent/_work/_temp/sonar/20221222.8/94982f18-5acc-da6e-d1d0-6c803d553f39/report-task.txt","sonar.exclusions":"**/*.bin,Web/wwwroot/lib/**/*","sonar.projectBaseDir":"/agent/_work/1/s","sonar.links.homepage":"https:/dev.azure.com/faurecia-cloud/Sandbox","sonar.links.scm":"https:/dev.azure.com/faurecia-cloud/Sandbox/_git/Sandbox","sonar.externalIssuesReportPaths":"/agent/_work/1/checkov_analysis_report/leaks_tests_checkov.sarif"}

2022-12-22T16:32:41.7868841Z ##[debug]SONARQUBE_ENDPOINT=***

2022-12-22T16:32:41.7873543Z ##[debug]set SONARQUBE_SCANNER_PARAMS={"sonar.host.url":"https://sonarqube.app.corp/","sonar.login":***,"sonar.projectKey":"faurecia-cloud---sandbox---sandbox","sonar.projectName":"Sandbox - Sandbox","sonar.projectVersion":"980bad998a33c34afb3c26727f3331d3ce8c463e","sonar.sources":"/agent/_work/1/s","sonar.pullrequest.key":"35573","sonar.pullrequest.base":"develop","sonar.pullrequest.branch":"features/sonarqube-sarif","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://dev.azure.com/faurecia-cloud/","sonar.pullrequest.vsts.project":"Sandbox","sonar.pullrequest.vsts.repository":"Sandbox","sonar.scanner.metadataFilePath":"/agent/_work/_temp/sonar/20221222.8/94982f18-5acc-da6e-d1d0-6c803d553f39/report-task.txt","sonar.exclusions":"**/*.bin,Web/wwwroot/lib/**/*","sonar.projectBaseDir":"/agent/_work/1/s","sonar.links.homepage":"https:/dev.azure.com/faurecia-cloud/Sandbox","sonar.links.scm":"https:/dev.azure.com/faurecia-cloud/Sandbox/_git/Sandbox","sonar.externalIssuesReportPaths":"/agent/_work/1/checkov_analysis_report/leaks_tests_checkov.sarif"}

2022-12-22T16:32:41.7884265Z ##[debug]Processed: ##vso[task.setvariable variable=SONARQUBE_SCANNER_PARAMS;isOutput=false;issecret=false;]{"sonar.host.url":"https://sonarqube.app.corp/","sonar.login":***,"sonar.projectKey":"faurecia-cloud---sandbox---sandbox","sonar.projectName":"Sandbox - Sandbox","sonar.projectVersion":"980bad998a33c34afb3c26727f3331d3ce8c463e","sonar.sources":"/agent/_work/1/s","sonar.pullrequest.key":"35573","sonar.pullrequest.base":"develop","sonar.pullrequest.branch":"features/sonarqube-sarif","sonar.pullrequest.provider":"vsts","sonar.pullrequest.vsts.instanceUrl":"https://dev.azure.com/faurecia-cloud/","sonar.pullrequest.vsts.project":"Sandbox","sonar.pullrequest.vsts.repository":"Sandbox","sonar.scanner.metadataFilePath":"/agent/_work/_temp/sonar/20221222.8/94982f18-5acc-da6e-d1d0-6c803d553f39/report-task.txt","sonar.exclusions":"**/*.bin,Web/wwwroot/lib/**/*","sonar.projectBaseDir":"/agent/_work/1/s","sonar.links.homepage":"https:/dev.azure.com/faurecia-cloud/Sandbox","sonar.links.scm":"https:/dev.azure.com/faurecia-cloud/Sandbox/_git/Sandbox","sonar.externalIssuesReportPaths":"/agent/_work/1/checkov_analysis_report/leaks_tests_checkov.sarif"}

2022-12-22T16:32:41.7890106Z ##[debug]Absolute path for pathSegments: /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0,sonar-scanner,bin,sonar-scanner = /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner

2022-12-22T16:32:41.7905607Z ##[debug]which '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T16:32:41.7907799Z ##[debug]found: '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T16:32:41.7909482Z ##[debug]system.debug=true

2022-12-22T16:32:41.7911216Z ##[debug]/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner arg: -X

2022-12-22T16:32:41.7913202Z ##[debug]exec tool: /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner

2022-12-22T16:32:41.7914805Z ##[debug]arguments:

2022-12-22T16:32:41.7916127Z ##[debug] -X

2022-12-22T16:32:41.7917811Z [command]/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner -X

2022-12-22T16:32:41.9882997Z 16:32:41.985 INFO: Scanner configuration file: /agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/conf/sonar-scanner.properties

2022-12-22T16:32:41.9891187Z 16:32:41.987 INFO: Project root configuration file: NONE

2022-12-22T16:32:42.0162833Z 16:32:42.015 INFO: SonarScanner 4.7.0.2747

2022-12-22T16:32:42.0164217Z 16:32:42.016 INFO: Java 11.0.16.1 Eclipse Adoptium (64-bit)

2022-12-22T16:32:42.0165381Z 16:32:42.016 INFO: Linux 5.15.0-1020-azure amd64

[...]

2022-12-22T16:32:56.1829941Z 16:32:56.182 DEBUG: Importing issues from '/agent/_work/1/checkov_analysis_report/leaks_tests_checkov.sarif'

2022-12-22T16:32:56.1932816Z 16:32:56.192 INFO: ------------------------------------------------------------------------

2022-12-22T16:32:56.1933482Z 16:32:56.192 INFO: EXECUTION FAILURE

2022-12-22T16:32:56.1936417Z 16:32:56.192 INFO: ------------------------------------------------------------------------

2022-12-22T16:32:56.1937452Z 16:32:56.193 INFO: Total time: 14.239s

2022-12-22T16:32:56.2593862Z 16:32:56.257 INFO: Final Memory: 33M/117M

2022-12-22T16:32:56.2596154Z 16:32:56.257 INFO: ------------------------------------------------------------------------

2022-12-22T16:32:56.2631188Z ##[error]16:32:56.257 ERROR: Error during SonarScanner execution

java.lang.NullPointerException

at org.sonar.scanner.externalissue.ReportParser.validate(ReportParser.java:52)

at org.sonar.scanner.externalissue.ReportParser.parse(ReportParser.java:43)

at org.sonar.scanner.externalissue.ExternalIssuesImportSensor.execute(ExternalIssuesImportSensor.java:72)

2022-12-22T16:32:56.2656134Z ##[error]at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)

at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)

at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)

at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:401)

at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:397)

at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:366)

at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:135)

at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)

at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)

at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)

at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)

at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)

at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.base/java.lang.reflect.Method.invoke(Method.java:566)

at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)

at com.sun.proxy.$Proxy0.execute(Unknown Source)

at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)

at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)

at org.sonarsource.scanner.cli.Main.execute(Main.java:112)

at org.sonarsource.scanner.cli.Main.execute(Main.java:75)

at org.sonarsource.scanner.cli.Main.main(Main.java:61)

2022-12-22T16:32:56.5914514Z ##[debug]Exit code 1 received from tool '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T16:32:56.5919831Z ##[debug]STDIO streams have closed for tool '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner'

2022-12-22T16:32:56.5949357Z ##[debug]task result: Failed

2022-12-22T16:32:56.5951490Z ##[error]The process '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner' failed with exit code 1

2022-12-22T16:32:56.5952965Z ##[debug]Processed: ##vso[task.issue type=error;]The process '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner' failed with exit code 1

2022-12-22T16:32:56.5955993Z ##[debug]Processed: ##vso[task.complete result=Failed;]The process '/agent/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-4b15-8491-8164aeb38055/5.8.0/sonar-scanner/bin/sonar-scanner' failed with exit code 1

Mandatory fields for SonarQube

  • version - must be “2.1.0”

$ cat leaks_tests_checkov.sarif | yq '.version'

2.1.0

  • runs[].tool.driver.name - name of the tool that created the report

$ cat leaks_tests_checkov.sarif | yq '.runs[].tool.driver.name'

Checkov

  • runs[].results[].message.text - message of the external issue

$ cat leaks_tests_checkov.sarif | yq '.runs[].results[].message.text'

Base64 High Entropy String

Base64 High Entropy String

Base64 High Entropy String

  • sarifLog.runs[].result[].ruleId - ID of the corresponding rule in the tool that created the report

$ cat leaks_tests_checkov.sarif | yq '.runs[].results[].ruleId'

CKV_SECRET_6

CKV_SECRET_6

CKV_SECRET_6

Optional fields

  • runs[].results[].locations[]

$ cat leaks_tests_checkov.sarif | yq '.runs[].results[].locations[]'

{"physicalLocation": {"artifactLocation": {"uri": "files/appsettings.json"}, "region": {"startLine": 21, "endLine": 22}}}

{"physicalLocation": {"artifactLocation": {"uri": "files/appsettings.json"}, "region": {"startLine": 21, "endLine": 22}}}

{"physicalLocation": {"artifactLocation": {"uri": "files/appsettings.json"}, "region": {"startLine": 22, "endLine": 23}}}

  • sarifLog.runs[].result[].level

$ cat leaks_tests_checkov.sarif | yq '.sarifLog.runs[].result[].level'

# This one is not found in my SARIF file, but:

$ cat leaks_tests_checkov.sarif | yq '.runs[].results[].level'

# No report from checkov on the level

Hey there.

It’s great to get some early feedback on this feature – so thanks! I’ve split this into a dedicated thread away from the feature request.

I’ve gone ahead and flagged this thread for some expert attention (which I expect will come after the holiday period).

In the meantime, alongside the information you’ve provided, it would be really helpful if you could either

  • upload a full SARIF report you’re facing the NPE on while trying to import
  • even better, link to a full sample project (including the commands used to generate the SARIF reports)

Hello !

@Carine_Bayon knows for sure I was very excited by the announcement !

There you go for the SARIF files : sonarqube_sarif.zip (3.8 KB)

About the commands :

Checkov:

# skip check CKV_DOCKER_2 : ensure the Dockerfile includes a HEALTHCHECK directive
checkov --directory . --quiet --compact --skip-check CKV_DOCKER_2 --output sarif --output-file-path $(Build.ArtifactStagingDirectory)/

Gitleaks:

gitleaks detect --redact --config /home/linuxbrew/gitleaks.toml --no-git --report-format sarif --report-path "${report_path}"

gitleaks.toml (4.5 KB)

Trivy :

trivy fs --security-checks config,secret $(Build.SourcesDirectory) --exit-code 1 --format sarif --output "${report_path}"

This is an example file I have in my test repo to check for secrets:
appsettings.zip (759 Bytes)

Thanks, BR !

kics
kics.sarif.json (8.1 KB)

Hi @Mikaciu,

I’ve just noticed in your config that you’re using the sonar.externalIssuesReportPaths property to specify the path to the SARIF report.
This property is used for importing issues using the Generic issue import format.
For SARIF import, the sonar.sarifReportPaths property should be used.
Can you try using this property and see if this fixes the problem?

Hello @wojtek.wajerowicz !

So obvious I didn’t see it … It’s even strange I used the externalIssuesReportPaths because there’s no mention of it in the documentation, my bad !

Thanks for the insight !

BTW, for trivy, the sarif import cannot be imported because the region looks like this :

                "region": {
                  "startLine": 17,
                  "startColumn": 1,
                  "endLine": 17,
                  "endColumn": 1
                }

If the startColumn and endColumn keys are removed, the issue does not appear anymore (though the SQ issue will be targeted towards the whole line). To do this :

          temporary_report=`mktemp`
          report_path="trivy.sarif"
          cat "${report_path}" > "${temporary_report}"
          # Drop startColumn/endColumn from every result region, then overwrite the report
          jq 'del(.runs[].results[].locations[].physicalLocation.region.startColumn,.runs[].results[].locations[].physicalLocation.region.endColumn)' "${temporary_report}" > "${report_path}"
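A pre-flight check covering the three points raised in this thread (which scanner property matches the report format, the mandatory SARIF fields listed above, and the column-stripping workaround), as an added example that is not part of the original posts or SonarQube's own code. The function names are hypothetical, the sample report is constructed, and treating a top-level `issues` key as the marker of the Generic issue import format is an assumption.

```python
import copy
import json

# Constructed sample: values echo the fields quoted in the thread, plus one
# deliberately incomplete result to show what the pre-check reports.
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [
    {
      "tool": {"driver": {"name": "Trivy"}},
      "results": [
        {
          "ruleId": "sendgrid-api-token",
          "level": "warning",
          "message": {"text": "Artifact: files/python/configure.py"},
          "locations": [
            {"physicalLocation": {
              "artifactLocation": {"uri": "files/python/configure.py"},
              "region": {"startLine": 56, "startColumn": 1,
                         "endLine": 56, "endColumn": 1}}}
          ]
        },
        {"message": {}}
      ]
    }
  ]
}
""")


def _get(node, *keys):
    """Walk nested dicts, returning None instead of raising on a gap."""
    for key in keys:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node


def scanner_property_for(report):
    """Return the scanner property that matches the report's format."""
    if isinstance(report, dict) and "runs" in report:
        return "sonar.sarifReportPaths"            # SARIF log
    if isinstance(report, dict) and "issues" in report:
        # Assumption: Generic issue import format has a top-level "issues" array
        return "sonar.externalIssuesReportPaths"
    return None


def missing_mandatory_fields(report):
    """List the mandatory fields (per the thread) that are absent or empty."""
    problems = []
    if _get(report, "version") != "2.1.0":
        problems.append('version: must be "2.1.0"')
    for r_idx, run in enumerate(_get(report, "runs") or []):
        if not _get(run, "tool", "driver", "name"):
            problems.append(f"runs[{r_idx}].tool.driver.name: missing")
        for i, result in enumerate(_get(run, "results") or []):
            base = f"runs[{r_idx}].results[{i}]"
            if not _get(result, "message", "text"):
                problems.append(f"{base}.message.text: missing")
            if not _get(result, "ruleId"):
                problems.append(f"{base}.ruleId: missing")
    return problems


def strip_region_columns(report):
    """Same effect as the jq workaround, but tolerant of results that have
    no locations. Returns (cleaned copy, number of regions changed)."""
    cleaned = copy.deepcopy(report)
    changed = 0
    for run in _get(cleaned, "runs") or []:
        for result in _get(run, "results") or []:
            for location in _get(result, "locations") or []:
                region = _get(location, "physicalLocation", "region")
                if not isinstance(region, dict):
                    continue
                removed = [region.pop(k, None)
                           for k in ("startColumn", "endColumn")]
                if any(value is not None for value in removed):
                    changed += 1
    return cleaned, changed


if __name__ == "__main__":
    print("use property:", scanner_property_for(SAMPLE_SARIF))
    for problem in missing_mandatory_fields(SAMPLE_SARIF):
        print("missing:", problem)
    cleaned, changed = strip_region_columns(SAMPLE_SARIF)
    print("regions rewritten:", changed)
```

Running it in the pipeline step before the analysis gives a readable list of missing fields instead of a stack trace from the scanner.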

Hi @Mikaciu,
It is indeed an error on the SonarQube side.
I’ve created a ticket [SONAR-18180] - Jira to track it and we should fix it soon.
