# Generic issue import format

SonarQube supports a generic import format for raising external issues in code. You can use this format to import issues from your favorite linter even if there’s no plugin for it. SonarQube also supports [importing-third-party-issues](https://docs.sonarsource.com/sonarqube-server/10.0/analyzing-source-code/importing-external-issues/importing-third-party-issues "mention"), and [importing-issues-from-sarif-reports](https://docs.sonarsource.com/sonarqube-server/10.0/analyzing-source-code/importing-external-issues/importing-issues-from-sarif-reports "mention").

External issues and the rules that raise them must be managed in the configuration of your linter.

## Import <a href="#import" id="import"></a>

The analysis parameter `sonar.externalIssuesReportPaths` accepts a comma-delimited list of paths to reports.

Each report must contain, at the top level, an array of `Issue` objects named `issues`.

**Issue fields:**

* `engineId` - String
* `ruleId` - String
* `primaryLocation` - Location object
* `type` - String. One of BUG, VULNERABILITY, CODE\_SMELL
* `severity` - String. One of BLOCKER, CRITICAL, MAJOR, MINOR, INFO
* `effortMinutes` - Integer, optional. Defaults to 0
* `secondaryLocations` - Array of Location objects, optional

**Location fields:**

* `message` - String
* `filePath` - String
* `textRange` - TextRange object, optional for secondary locations only

**TextRange fields:**

* `startLine` - Integer. 1-indexed
* `endLine` - Integer, optional. 1-indexed
* `startColumn` - Integer, optional. 0-indexed
* `endColumn` - Integer, optional. 0-indexed

## Example <a href="#example" id="example"></a>

Here is an example of the expected format:

```css-79elbk
{ "issues": [
    {
      "engineId": "test",
      "ruleId": "rule1",
      "severity":"BLOCKER",
      "type":"CODE_SMELL",
      "primaryLocation": {
        "message": "fully-fleshed issue",
        "filePath": "sources/A.java",
        "textRange": {
          "startLine": 30,
          "endLine": 30,
          "startColumn": 9,
          "endColumn": 14
        }
      },
      "effortMinutes": 90,
      "secondaryLocations": [
        {
          "message": "cross-file 2ndary location",
          "filePath": "sources/B.java",
          "textRange": {
            "startLine": 10,
            "endLine": 10,
            "startColumn": 6,
            "endColumn": 38
          }
        }
      ]
    },
    {
      "engineId": "test",
      "ruleId": "rule2",
      "severity": "INFO",
      "type": "BUG",
      "primaryLocation": {
        "message": "minimal issue raised at file level",
        "filePath": "sources/Measure.java"
      }
    }
]}
```

## Limitations <a href="#limitations" id="limitations"></a>

There are a couple of limitations with importing external issues:

* You can’t manage them within SonarQube. For example, you can’t mark them as false positives.
* You can’t manage the activation of the rules that raise these issues within SonarQube. External rules aren’t visible on the Rules page or reflected in quality profiles.