Unable to import the results of the Apex PMD Code Analyzer into SonarQube

Hello Sonar Team!
I am configuring a GitHub Action whose purpose is to scan changed files using the Apex PMD scanner and import the resulting findings into SonarQube. The Apex PMD scanner results are saved to the file pmd-report.xml.

sf scanner run \
  --target "$CHANGED_FILES" \
  --engine pmd \
  --format xml \
  --outfile pmd-report.xml

In the GitHub Actions logs, I can see that vulnerabilities are present

Executed pmd, found 56 violation(s) across 1 file(s).
As the next step, I run the SonarCloud action, passing the sonar.apex.pmd.reportPaths parameter.

- name: SonarCloud
  uses: sonarsource/sonarcloud-github-action@v3
  with:
    args: >
      ...
      -Dsonar.apex.pmd.reportPaths=pmd-report.xml

In the logs, I observe the following:

Sensor Import of PMD issues [sonarapex]
Importing /github/workspace/pmd-report.xml
Sensor Import of PMD issues [sonarapex] (done) | time=62ms

However, after the action completes, I do not see the PMD issues in Sonar. What could be the reason?

Hi,

Could you add -Dsonar.verbose=true to your analysis command and provide the resulting log here, redacted as necessary?

Some of the sensors are less than fulsome in their reporting when e.g. a file is not found. I’d like to see what, if anything, shows up for this at DEBUG level.

 
Thx,
Ann

Hi Ann,

Following your suggestion, I added the -Dsonar.verbose=true parameter. The verbose results log is attached below.

sonar.log (191.9 KB)

Hi,

This doesn’t seem to be the full log, only the last chunk of it. Can you try that upload again?

 
Thx,
Ann

Hi Ann,

I’ve generated a new log. Please have a look.

Thanks!

sonar.zip (130.7 KB)

Hi,

Thanks for the log. I see the report being imported:

Since the duration is non-zero, I assume it’s doing something.

Unfortunately the logs don’t tell us what.

Let’s take a look at paths. A common cause of missing data is path mis-match. What do the file paths in the report look like, and how do they compare to the file paths analysis is seeing (i.e. the paths you see inside SonarQube Cloud)?

 
Ann
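A quick way to answer Ann's path question is to compare the file names written in the report with the directory the Sonar analysis treats as the project root. The script below is an added diagnostic for this thread, not code from SonarSource, Salesforce or the posters. It assumes the report follows PMD's standard XML report format (`<file name="...">` elements with `<violation>` children) and that the SonarCloud action analyses the checkout under /github/workspace, as the "Importing /github/workspace/pmd-report.xml" log line suggests. The sample report is constructed; the /home/runner/work/... path in it stands for the kind of absolute path a scanner run on the runner host, outside the action's container, would write. Whether the real pmd-report.xml contains such paths is exactly what needs checking.

```python
"""Diagnose path mismatches between a PMD XML report and the Sonar analysis base directory.

Added example for this thread; not part of SonarQube, the SonarCloud action or the
Salesforce Code Analyzer. Assumes PMD's XML report format and that relative file names
are relative to the analysis base directory.
"""
import os
import sys
import xml.etree.ElementTree as ET
from typing import Dict, Optional, Set

PMD_NS = "http://pmd.sourceforge.net/report/2.0.0"

# Constructed sample (not a real scan) covering the three cases worth telling apart:
# an absolute path under a different root, a relative path, and an absolute path under
# the base directory whose file is not in the checkout.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<pmd xmlns="http://pmd.sourceforge.net/report/2.0.0" version="7.0.0" timestamp="2024-01-01T00:00:00">
  <file name="/home/runner/work/repo/repo/force-app/main/default/classes/AccountService.cls">
    <violation beginline="12" endline="12" begincolumn="5" endcolumn="40" rule="ApexSOQLInjection" ruleset="Security" priority="1">Avoid untrusted/unescaped variables in DML/SOQL query</violation>
    <violation beginline="20" endline="20" begincolumn="5" endcolumn="30" rule="ApexSharingViolations" ruleset="Security" priority="3">Apex classes should declare a sharing model</violation>
  </file>
  <file name="force-app/main/default/classes/Utils.cls">
    <violation beginline="3" endline="3" begincolumn="1" endcolumn="10" rule="AvoidGlobalModifier" ruleset="Best Practices" priority="3">Avoid using global modifier</violation>
  </file>
  <file name="/github/workspace/force-app/main/default/classes/Deleted.cls">
    <violation beginline="1" endline="1" begincolumn="1" endcolumn="5" rule="ApexDoc" ruleset="Documentation" priority="3">Missing ApexDoc comment</violation>
  </file>
</pmd>
"""


def _local(tag: str) -> str:
    """Strip the XML namespace so namespaced and plain PMD reports both parse."""
    return tag.rsplit("}", 1)[-1]


def report_files(xml_text: str) -> Dict[str, int]:
    """Map each file name exactly as written in the report to its violation count."""
    counts: Dict[str, int] = {}
    for elem in ET.fromstring(xml_text).iter():
        if _local(elem.tag) == "file":
            name = elem.get("name", "")
            counts[name] = sum(1 for child in elem if _local(child.tag) == "violation")
    return counts


def relative_to_base(name: str, base_dir: str) -> Optional[str]:
    """Path of `name` relative to base_dir, or None if it is absolute and outside it."""
    path = os.path.normpath(name)
    if not os.path.isabs(path):
        return path  # relative names are assumed to be relative to base_dir
    base = os.path.normpath(base_dir)
    if path == base or path.startswith(base + os.sep):
        return os.path.relpath(path, base)
    return None


def check_report(xml_text: str, base_dir: str,
                 existing_files: Optional[Set[str]] = None) -> Dict[str, str]:
    """Classify every report path as 'ok', 'missing' (under base_dir but not on disk) or
    'outside-base-dir'. `existing_files` (relative, '/'-separated) replaces the filesystem
    check so the function can run offline against the constructed sample."""
    results: Dict[str, str] = {}
    for name in report_files(xml_text):
        rel = relative_to_base(name, base_dir)
        if rel is None:
            results[name] = "outside-base-dir"
            continue
        if existing_files is None:
            exists = os.path.isfile(os.path.join(base_dir, rel))
        else:
            exists = rel.replace(os.sep, "/") in existing_files
        results[name] = "ok" if exists else "missing"
    return results


def rewrite_prefix(xml_text: str, old_prefix: str, new_prefix: str = "") -> str:
    """Return the report with old_prefix replaced by new_prefix in every file name, so a
    report written on the runner host can be made relative before the Sonar step imports it."""
    ET.register_namespace("", PMD_NS)  # keep the default namespace instead of an ns0: prefix
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if _local(elem.tag) == "file":
            name = elem.get("name", "")
            if name.startswith(old_prefix):
                elem.set("name", new_prefix + name[len(old_prefix):])
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Usage: python check_pmd_paths.py [pmd-report.xml] [base-dir]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    base = sys.argv[2] if len(sys.argv) > 2 else "/github/workspace"
    known = None if len(sys.argv) > 1 else {"force-app/main/default/classes/Utils.cls"}
    for name, status in check_report(text, base, known).items():
        print(f"{status:16} {name}")
```

Run it in the workflow after the scanner step, pointing it at the real pmd-report.xml and the same directory the Sonar step uses as its project base directory. Any file reported as "outside-base-dir" or "missing" cannot be matched to an indexed source file, which is consistent with a sensor that imports the report in a few milliseconds and creates no issues. If every path turns out to carry the host's absolute checkout prefix, rewrite_prefix (or an equivalent sed step) can strip it so the names become relative to the base directory before the import.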