Must-share information:
- VERSION: SonarQube server 9.9 LTS, Sonar Scanner 4.8
- How is SonarQube deployed: Helm
- Trying to: import a valid SARIF report

The following SARIF JSON is validated against SARIF schema 2.1.0 (SARIF Validator) but fails import with an exception (see below):
```json
{
  "version": "2.1.0",
  "$schema": "http://json.schemastore.org/sarif-2.1.0",
  "runs": [
    {
      "results": [
        {
          "ruleId": "clang-diagnostic-error",
          "level": "error",
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "CompilerIdC/CMakeCCompilerId.c"
                },
                "region": {
                  "startColumn": 3,
                  "startLine": 2
                }
              }
            }
          ],
          "message": {
            "text": " <doublequote>A C++ compiler has been selected for C.<doublequote> [clang-diagnostic-error]<return># error <doublequote>A C++ compiler has been selected for C.<doublequote><return> ^<return>"
          }
        }
      ],
      "tool": {
        "driver": {
          "informationUri": "https://clang.llvm.org/extra/index.html",
          "name": "clang-tidy",
          "version": "14.0.0 Ubuntu LLVM version"
        }
      }
    }
  ]
}
```
Debug log:

```
12:06:11.813 DEBUG: Sensors : Import external issues report -> JaCoCo XML Report Importer -> IaC CloudFormation Sensor -> IaC Kubernetes Sensor -> TypeScript analysis -> CSS Rules -> C# Project Type Information -> C# Analysis Log -> C# Properties -> HTML -> TextAndSecretsSensor -> VB.NET Project Type Information -> VB.NET Analysis Log -> VB.NET Properties -> com.github.mc1arke.sonarqube.plugin.scanner.ScannerPullRequestPropertySensor -> IaC Docker Sensor
12:06:11.813 INFO: Sensor Import external issues report
12:06:11.813 DEBUG: Importing issues from '/home/user/projects/clang-tidy-sarif/build/output.sarif'
12:06:11.822 INFO: ------------------------------------------------------------------------
12:06:11.822 INFO: EXECUTION FAILURE
12:06:11.822 INFO: ------------------------------------------------------------------------
12:06:11.822 INFO: Total time: 5.967s
12:06:11.857 INFO: Final Memory: 19M/74M
12:06:11.857 INFO: ------------------------------------------------------------------------
12:08:05.012 ERROR: Error during SonarScanner execution
java.lang.NullPointerException: Cannot read the array length because "<local2>" is null
    at org.sonar.scanner.externalissue.ReportParser.validate(ReportParser.java:52)
    at org.sonar.scanner.externalissue.ReportParser.parse(ReportParser.java:43)
    at org.sonar.scanner.externalissue.ExternalIssuesImportSensor.execute(ExternalIssuesImportSensor.java:72)
    at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)
    at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)
    at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)
    at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)
    at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)
    at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)
    at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
    at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
    at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:403)
    at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:399)
    at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:368)
    at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
    at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
    at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:137)
    at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
    at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
    at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
    at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
    at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.base/java.lang.reflect.Method.invoke(Unknown Source)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
    at jdk.proxy1/jdk.proxy1.$Proxy0.execute(Unknown Source)
    at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
    at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
    at org.sonarsource.scanner.cli.Main.main(Main.java:62)
your results will be published into SONARWEBSERVER=
```