I’m trying to import issues from an external analyzer using the parameter “sonar.externalIssuesReportPaths” of the cmdline tool sonar-scanner (https://docs.sonarqube.org/7.4/analysis/generic-issue/). I successfully imported the external report into the Sonar dashboard, but when I try to display details about the imported issues I get the following message: “This is external rule test:X2115. No details are available.”
Is there a way to write specific rules for the issues generated by my external analyzer? My aim is only to get detailed information about the issue (risk, detailed description, sample compliant code, etc.).
EDIT:
Sonar version: 7.4
External analyzer: Bandit
Not without writing a plugin. If you do decide to go that route, then it might help to look at where SonarJava and SonarJS do that.
Another option if you’re going to write a plugin is to write a full-fledged analyzer plugin that provides ‘native’ rules. For that a look at PMD or one of the others might help.
I’m actually working on the first path (i.e. writing a plugin to generate rules for external issues), and I found out that external issues suffer from [two important limitations](https://docs.sonarqube.org/7.4/analysis/generic-issue/):
- they cannot be managed within SonarQube; for instance, there is no ability to mark them False Positive.
- the activation of the rules that raise these issues cannot be managed within SonarQube. In fact, external rules are not visible in the Rules page or reflected in any Quality Profile.

And also:
External issues and the rules that raise them must be managed in the configuration of your linter.
Is there any current (or planned) work to cover these limitations?
Also, between the two options, which is the most recommended one?