Generic issue data
On this page
SonarQube Cloud supports a generic format for importing issues generated by external analysis tools, like linters. This feature can help you integrate a tool that is not directly supported by SonarQube Cloud by having your custom CI task convert the output of the unsupported tool to this generic format, which can then be imported into SonarQube Cloud.
External issues have the limitation that the activation of the rules that raise these issues cannot be managed within SonarQube Cloud. External rules are not visible on the Rules page or reflected in any Quality Profile.
External issues and the rules that raise them must be managed in the configuration of your external tool.
Import
You can set up the import of the report files by defining the analysis parameter sonar.externalIssuesReportPaths on the CI/CD host with the list of import directories or files. This parameter accepts a comma-delimited list of paths (a file path definition is either relative to the sonar.projectBaseDir property, which is by default the directory from which the analysis was started, or absolute).
The issues report must contain, an array of rule objects (rules) and an array of issue objects (issues).
Issue types and associated severities are deprecated. Use the impacts object and related software quality and severity properties instead. For more information, see Clean Code.
List of objects and properties in the report
The following objects and properties comprise the generic issues report.
Rules object
rules (array of rule objects)
Objects and properties included in rules:
id (string, required): Rule identifier
name (string, required): Rule name
description (string, required): Rule description
engineId (string, required): Identifier of the third-party analyzer that provides the rule.
cleanCodeAttribute (string, required): Clean Code attribute associated with the rule, possible values: FORMATTED, CONVENTIONAL, or other - see Clean Code for a complete list.
type (string, deprecated): Rule type, possible values: BUG, VULNERABILITY, CODE_SMELL.
severity (string, deprecated): Rule severity, possible values: BLOCKER, CRITICAL, MAJOR, MINOR, INFO.
impacts (array of impact objects, required): impacts object replaces deprecated types and severity properties.
softwareQuality(string)
Possible values: SECURITY, RELIABILITY, MAINTAINABILITYseverity(string)
Possible values: BLOCKER, HIGH, MEDIUM, LOW, INFO
Example of a rules object containing one rule:
"rules": [
{
"id": "rule1",
"name": "Name of rule 1",
"description": "Description of rule 1",
"engineId": "third-party analyzer 1",
"cleanCodeAttribute": "FORMATTED",
"type": "CODE_SMELL",
"severity": "CRITICAL",
"impacts": [
{
"softwareQuality": "MAINTAINABILITY",
"severity": "HIGH"
},
{
"softwareQuality": "SECURITY",
"severity": "LOW"
}
]
}
]Issues object
issues (array of issue objects)
Objects and properties included in issues:
ruleID (string, required): Identifier of the rule that raised the issue.
effortMinutes (integer): Effort in minutes to solve the issue. The default value is 0.
primaryLocation (object, required): Primary location of the issue in code.
message(string, required): Description of the issue.filePath(string, required): Path to the code file that raised the issue.textRange(object, required): Object used to locate the code that raised the issue.startLine(integer, required): Start line of the code that raised the issue.endLine(integer): End line of the code that raised the issue.startColumn(integer): Start column of the code that raised the issue. Do not specify for empty lines.endColumn(integer): End column of the code that raised the issue.
secondaryLocations (array of locations): Secondary locations of the issue if there are several places of concern in the code. See primaryLocation on how to structure the location object.
Example of an issues object containing one issue:
"issues": [
{
"ruleId": "rule1",
"effortMinutes": 40,
"primaryLocation": {
"message": "fix issue 1",
"filePath": "file1.js",
"textRange": {
"startLine": 1,
"startColumn": 2,
"endLine": 3,
"endColumn": 4
}
},
"secondaryLocations": [
{
"message": "fix issue 2",
"filePath": "file2.js",
"textRange": {
"startLine": 1
}
},
{
"message": "fix issue 3",
"filePath": "file3.js",
"textRange": {
"startLine": 2
}
}
]
}
]Report file example
{
"rules": [
{
"id": "rule1",
"name": "Name of rule 1",
"description": "Description of rule 1",
"engineId": "third-party analyzer 1",
"cleanCodeAttribute": "FORMATTED",
"type": "CODE_SMELL",
"severity": "CRITICAL",
"impacts": [
{
"softwareQuality": "MAINTAINABILITY",
"severity": "HIGH"
},
{
"softwareQuality": "SECURITY",
"severity": "LOW"
}
]
},
{
"id": "rule2",
"name": "Name of rule 2",
"description": "Description of rule 2",
"engineId": "third-party analyzer 2",
"cleanCodeAttribute": "IDENTIFIABLE",
"type": "BUG",
"severity": "MINOR",
"impacts": [
{
"softwareQuality": "RELIABILITY",
"severity": "LOW"
}
]
}
],
"issues": [
{
"ruleId": "rule1",
"effortMinutes": 40,
"primaryLocation": {
"message": "fix issue 1",
"filePath": "file1.js",
"textRange": {
"startLine": 1,
"startColumn": 2,
"endLine": 3,
"endColumn": 4
}
},
"secondaryLocations": [
{
"message": "fix issue 2",
"filePath": "file2.js",
"textRange": {
"startLine": 1
}
},
{
"message": "fix issue 3",
"filePath": "file3.js",
"textRange": {
"startLine": 2
}
}
]
},
{
"ruleId": "rule2",
"primaryLocation": {
"message": "fix issue 4",
"filePath": "file4.js",
"textRange": {
"startLine": 3
}
}
}
]
}Was this page helpful?
© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
