# External analyzer reports

The sections below explain, for each language, how to set up, for your project, the import of issue reports generated by external analyzers that integrate with SonarQube. To do so, you must define in SonarQube the paths to the import files. This can be done in the UI (except for the C family and Go analyzers) or by defining an analysis parameter on the CI/CD host.

See also [analysis-parameters](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/analysis-parameters "mention").

{% hint style="info" %}

* The integration setup (except for the C family and Go) can also be done at the instance level in the UI (the project-level setup has precedence over the global-level setup). See [integration-with-external-analyzers](https://docs.sonarsource.com/sonarqube-server/instance-administration/analysis-functions/integration-with-external-analyzers "mention").
* If your analyzer doesn't integrate with SonarQube Server, you can import the external issues either in the generic SonarQube format or in the SARIF format. See [generic-issue-import-format](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/importing-external-issues/generic-issue-import-format "mention") or [importing-issues-from-sarif-reports](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/importing-external-issues/importing-issues-from-sarif-reports "mention").
  {% endhint %}

## Ansible

You can integrate the following Ansible analyzer with SonarQube: ansible-lint.

To setup the import of issues generated by ansible-lint:

1. Set up the generation of the reports by ansible-lint in SARIF format and their storing in dedicated import directory(ies). To do so, use the `--sarif-file` ansible-lint option.
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Ansible**.
   3. In **Ansible-Lint Sarif Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute. You can use path-matching patterns.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.ansible.ansible-lint.reportPaths` .

See also [#for-files](https://docs.sonarsource.com/sonarqube-server/project-administration/adjusting-analysis/setting-analysis-scope/defining-matching-patterns#for-files "mention").

## Apex

You can integrate the following Apex analyzer with SonarQube: PMD. Note that the format of PMD reports generated by [sfdx-scanner](https://github.com/forcedotcom/sfdx-scanner) does not seem to perfectly match the format used by PMD.

To setup the import of issues generated by PMD:

1. Set up the generation of the reports by PMD and their storing in dedicated import directory(ies).
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Apex**.
   3. In **PMD Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.apex.pmd.reportPaths` .

## CloudFormation

You can integrate the following Cloudformation analyzer with SonarQube: AWS CloudFormation Linter.

To setup the import of issues generated by AWS CloudFormation Linter:

1. Set up the generation of the reports by AWS CloudFormation Linter in JSON format and their storing in a dedicated import directory(ies).
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **CloudFormation**.
   3. In **Cfn-Lint Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.cloudformation.cfn-lint.reportPaths` .

## C/C++/Objective-C

You can integrate the following C/C++/Objective-C analyzers with SonarQube: Valgrind Memcheck and Valgrind Helgrind.

To setup the import of issues generated by Valgrind Memcheck or Helgrind:

1. Set up the generation of the reports by Valgrind Memcheck or Helgrind in XML format and their storing in dedicated import directory(ies). To do so, use the Valgrind's XML output facility (`--xml=yes`).
2. Set up the import of the generated report files by SonarQube by defining on the CI/CD host the analysis parameter `sonar.cfamily.valgrind.reportsPaths` with the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.

## C\#

Issues from third-party Roslyn analyzers (including Roslyn analyzers provided by Microsoft) are included in the MSBuild output and imported by default into SonarQube so no properties exist to enable that behavior. Instead, properties are available to adjust the import and to *stop* importing those issues.

<details>

<summary>To disable the import</summary>

1. In SonarQube, retrieve your project.
2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **C#**.
3. Select the **Ignore issues from external Roslyn analyzers** option.
4. Save.

Alternatively, set the `sonar.cs.roslyn.ignoreIssues` analysis parameter to `true` on the CI/CD host.

</details>

<details>

<summary>To adjust the import</summary>

1. In SonarQube, retrieve your project.
2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **C#**.
3. Adjust the parameters listed in the table below.
4. Save.

Alternatively, set the corresponding sonar properties on the CI/CD host.

<table><thead><tr><th width="150">Parameter</th><th>Sonar property</th><th>Description</th></tr></thead><tbody><tr><td><strong>Rule categories associated with Bugs</strong></td><td><code>sonar.cs.roslyn.bugCategories</code></td><td>Comma-delimited list of categories whose issues should be classified as Bugs in Standard Experience or Reliability issues in MQR mode.</td></tr><tr><td><strong>Rule categories associated with Vulnerabilities</strong></td><td><code>sonar.cs.roslyn.vulnerabilityCategories</code></td><td>Comma-delimited list of categories whose issues should be classified as Vulnerabilities issues in Standard Experience or Security in MQR mode.</td></tr><tr><td><strong>Rule categories associated with Code Smells</strong></td><td><code>sonar.cs.roslyn.codeSmellCategories</code></td><td>Comma-delimited list of categories whose issues should be classified as Code Smells in Standard Experience or Maintainability issues in MQR mode.</td></tr></tbody></table>

</details>

For information about the Standard Experience or MQR mode, see [standard-experience](https://docs.sonarsource.com/sonarqube-server/instance-administration/analysis-functions/instance-mode/standard-experience "mention") and [mqr-mode](https://docs.sonarsource.com/sonarqube-server/instance-administration/analysis-functions/instance-mode/mqr-mode "mention").

## CSS

You can integrate the following CSS analyzer with SonarQube: Stylelint.

To setup the import of issues generated by Stylelint:

1. Set up the generation of the reports by Stylelint and their storing in dedicated import directory(ies).\
   Command example:

```
stylelint src/*.css --config stylelintconfig.json -f json > stylelint-report.json
```

2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **CSS**.
   3. In **Stylelint Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.css.stylelint.reportPaths`.

## Docker

You can integrate the following Docker analyzers with SonarQube: Hadolint.

To setup the import of issues generated by Hadolint:

1. Set up the generation of the reports by Hadolint in JSON or SonarQube format, and their storing in dedicated import directory(ies).
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Docker**.
   3. In **Hadolint Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.docker.hadolint.reportPaths` .

## GitHub Actions

You can integrate the Actionlint analyzer with SonarQube Server.

To set up the import of issues generated by Actionlint:

1. Set up the generation of the reports by Actionlint, and their storing in dedicated import directory(ies).
2. Set up the import of the generated report files by SonarQube Server:
   1. Go to *Your Project* > **Project settings** > **General Settings** > **External Analyzers** > **GitHub Actions**.
   2. In **Actionlint Report Files**, enter the list of import directories or files. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started), or absolute.
   3. Save.

Alternatively, define the `sonar.githubactions.actionlint.reportPaths` parameter on the CI/CD host.

## Go

You can integrate the following Go analyzers with SonarQube: Govet, GoLint, GoMetaLinter, golanci-lint, and gosec.

{% tabs %}
{% tab title="Govet" %}
To setup the import of issues generated by Govet:

1. Set up the generation of the reports by Govet and their storing in dedicated import directory(ies).\
   Command example:

```
go vet 2> govet-report.out
```

2. Set up the import of the generated report files by SonarQube by defining on the CI/CD host the analysis parameter `sonar.go.govet.reportPaths` with the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   {% endtab %}

{% tab title="GoLint" %}
To setup the import of issues generated by GoLint:

1. Set up the generation of the reports by Govet and their storing in dedicated import directory(ies).\
   Command example:

```
golint > golint-report.out
```

2. Set up the import of the generated report files by SonarQube by defining on the CI/CD host the analysis parameter `sonar.go.golint.reportPaths` with the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   {% endtab %}

{% tab title="GoMetaLinter" %}
To setup the import of issues generated by GoMetaLinter:

1. Set up the generation of the reports by GoMetaLinterand their storing in dedicated import directory(ies).\
   Command example:

```
gometalinter > gometalinter-report.out
```

2. Set up the import of the generated report files by SonarQube by defining on the CI/CD host the analysis parameter `sonar.go.gometalinter.reportPaths` with the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   {% endtab %}

{% tab title="golanci-lint" %}
To setup the import of issues generated by golangci-lint:

1. Set up the generation of the reports by golangci-lint in checkstyle format and their storing in dedicated import directory(ies).\
   For the report generation, use the `--out-format checkstyle golangci-lint` option.
2. Set up the import of the generated report files by SonarQube by defining on the CI/CD host the analysis parameter `sonar.go.golangci-lint.reportPaths` with the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   {% endtab %}

{% tab title="gosec" %}
To setup the import of issues generated by gosec:

1. Set up the generation of the reports by gosec in SonarQube format and their storing in dedicated import directory(ies).

   For the report generation, use the `-fmt=sonarqube gosec` option.
2. Set up the import of the generated report files by SonarQube by defining on the CI/CD host the analysis parameter `sonar.externalIssuesReportPaths` with the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   {% endtab %}
   {% endtabs %}

## Java

You can integrate the following Java analyzers with SonarQube: SpotBugs, FindSecBugs, FindBugs, PMD, and Checkstyle. The setup differs depending on whether you use Maven or not.

{% tabs %}
{% tab title="With Maven" %}
To setup the import of issues generated by SpotBugs, FindSecBugs, FindBugs, PMD, and Checkstyle if you use Maven:

1. Open your `pom.xml` and in the section add the following plugins:

```xml
<plugin>
<groupId>org.apache.maven.plugins</groupId>
   <artifactId>maven-pmd-plugin</artifactId>
   <version> 3.10 . 0 </version>
</plugin>
<plugin>
   <groupId>com.github.spotbugs</groupId>
   <artifactId>spotbugs-maven-plugin</artifactId>
   <version> 3.1 . 1 </version>
   <configuration>
     <effort>Max</effort>
     <threshold>Low</threshold>
     <failOnError> true </failOnError>
     <includeFilterFile>${session.executionRootDirectory}/spotbugs-include.xml</includeFilterFile>
     <plugins>
       <plugin>
         <groupId>com.h3xstream.findsecbugs</groupId>
         <artifactId>findsecbugs-plugin</artifactId>
         <version>LATEST</version> <!-- Auto-update to the latest stable -->
       </plugin>
     </plugins>
   </configuration>
</plugin>
```

2. Add or update the section with:

```xml
<properties>
<sonar.java.spotbugs.reportPaths>./target/spotbugsXml.xml</sonar.java.spotbugs.reportPaths>
  <sonar.java.pmd.reportPaths>./target/pmd.xml</sonar.java.pmd.reportPaths>`
  <sonar.java.checkstyle.reportPaths>./target/checkstyle-result.xml</sonar.java.checkstyle.reportPaths>
</properties>
```

3. Execute the command below:

```
mvn clean package spotbugs:spotbugs pmd:pmd checkstyle:checkstyle sonar:sonar
```

{% endtab %}

{% tab title="Without Maven" %}
To setup the import of issues generated by SpotBugs, FindSecBugs, FindBugs, PMD, and Checkstyle if you don't use Maven:

1. Set up the generation of the reports by your third-party tool, and their storing in dedicated import directory(ies).
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Java**.
   3. In **Checkstyle Report Files** (for Checkstyle reports), **PMD Report Files** (for PMD reports), or in **SpotBugs Report Files (**&#x46;or SpotBugs, FindSecBugs and FindBugs reports), enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the corresponding analysis parameter:

* For SpotBugs, FindSecBugs and FindBugs: `sonar.java.spotbugs.reportPaths`
* For PMD: `sonar.java.pmd.reportPaths`
* For Checkstyle: `sonar.java.checkstyle.reportPaths`
  {% endtab %}
  {% endtabs %}

## JavaScript/TypeScript

You can integrate the following JavaScript/TypeScript analyzer with SonarQube: ESLint.

To setup the import of issues generated by ESLint:

1. Set up the generation of the reports by ESLint in JSON format, and their storing in dedicated import directory(ies).\
   Command example:

```
eslint ./ -f json > eslint-report.json
```

2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **JavaScript/TypeScript**.
   3. In **ESLint Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.eslint.reportPaths` .

## Kotlin

You can integrate the following Kotlin analyzers with SonarQube: AndroidLint, Detekt, and Ktlint.

{% tabs %}
{% tab title="AndroidLint" %}
To setup the import of issues generated by AndroidLint:

1. Set up the generation of the reports by AndroidLint in XML format, and their storing in dedicated import directory(ies).\
   Command example:

```
gradle lint or $ANDROID_HOME/tools/bin/lint --xml lint-results.xml path/to/project 
```

2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Android**.
   3. In **Android Lint Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.androidLint.reportPaths` .
   {% endtab %}

{% tab title="Detekt" %}
To setup the import of issues generated by Detekt:

1. Set up the generation of the reports by Detekt in checkstyle XML format, and their storing in dedicated import directory(ies).\
   Command example:

```
java -jar path/to/detekt-cli-1.0.0.RC7-3-all.jar -i path/to/project -o path/to/report-directory 
```

2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Kotlin**.
   3. In **Detekt Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.kotlin.detekt.reportPaths`.
   {% endtab %}

{% tab title="Ktlint" %}
To setup the import of issues generated by Ktlint:

1. Set up the generation of the reports by Ktlint in checkstyle XML or in JSON format, and their storing in dedicated import directory(ies).
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Kotlin**.
   3. In **Ktlint Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.kotlin.ktlint.reportPaths`.
   {% endtab %}
   {% endtabs %}

## PHP

You can integrate the following PHP analyzers with SonarQube: Psalm and PHPStan.

{% tabs %}
{% tab title="Psalm" %}
To setup the import of issues generated by Psalm:

1. Set up the generation of the reports by Psalm in the SonarQube format, and their storing in dedicated import directory(ies). To do so, use the `--output-format sonarqube` Psalm option.
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **PHP**.
   3. In **Psalm Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.php.psalm.reportPaths`.
   {% endtab %}

{% tab title="PHPStan" %}
To setup the import of issues generated by PHPStan:

1. Set up the generation of the reports by PHPStan in [JSON format](https://phpstan.org/user-guide/output-format), and their storing in dedicated import directory(ies). To do so, use the PHPStan `analyse` command with the option `--error-format=json`.
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **PHP**.
   3. In **PHPStan Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.php.phpstan.reportPaths`.
   {% endtab %}
   {% endtabs %}

## Python

You can integrate the following Python analyzers with SonarQube: Pylint, Bandit, Flake8, Mypy, and Ruff.

{% tabs %}
{% tab title="Pylint" %}
To setup the import of issues generated by Pylint:

1. Set up the generation of the reports by Pylint, and their storing in dedicated import directory(ies). Use the use `--output-format=parseable` [Pylint option](https://docs.pylint.org/en/1.6.0/output.html)\
   Command example:

```
pylint <module_or_package> -r n  --output-format=parseable --msg-template="{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}" > <report_file> 
```

2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Python**.
   3. In **Pylint Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.python.pylint.reportPaths` .
   {% endtab %}

{% tab title="Bandit" %}
To setup the import of issues generated by Bandit:

1. Set up the generation of the reports by Bandit in JSON format, and their storing in dedicated import directory(ies).\
   Command example:

```
bandit --format json --output bandit-report.json --recursive /path/to/your/python/project
```

2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Python**.
   3. In **Bandit Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.python.bandit.reportPaths` .
   {% endtab %}

{% tab title="Flake8, Mypy, Ruff" %}
To setup the import of issues generated by Flake8, Mypy or Ruff:

1. Set up the generation of the reports by your third-party tool, and their storing in dedicated import directory(ies).
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Python**.
   3. In the respective field (**Flake8 Report Files,** **Mypy Report Files**, or **Ruff Report Files**), enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the corresponding analysis parameter:

* For Flake8: `sonar.python.flake8.reportPaths`
* For Mypy: `sonar.python.mypy.reportPaths`
* For Ruff: `sonar.python.ruff.reportPaths`
  {% endtab %}
  {% endtabs %}

## Ruby

You can integrate the following Ruby analyzer with SonarQube: Rubocop.

To setup the import of issues generated by Rubocop:

1. Set up the generation of the reports by Rubocop, and their storing in dedicated import directory(ies).\
   Command example:

```
rubocop --format json --out rubocop-report.json
```

2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Ruby**.
   3. In **RuboCop Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.ruby.rubocop.reportPaths`.

## Rust

You can integrate the following Rust analyzer with SonarQube Server: Clippy.

To set up the import of issues generated by Clippy:

1. Set up the generation of the reports by Clippy in JSON format, and their storing in dedicated import directory(ies).\
   Command example:

```
cargo clippy --message-format=json > clippy-report.json
```

2. Set up the import of the generated report files by SonarQube Server:
   1. Go to *Your Project* > **Project settings** > **General Settings** > **External Analyzers** > **Rust**.
   2. In **Clippy Report Files**, enter the list of import file paths. This parameter accepts a comma-separated list of file paths to your Clippy JSON reports.
   3. Save.

Alternatively, define on the CI/CD host the analysis parameter `sonar.rust.clippyReport.reportPaths`.

## Scala

You can integrate the following Scala analyzers with SonarQube: Scalastyle and Scapegoat.

To setup the import of issues generated by Scalastyle or Scapegoat:

1. Set up the generation of the XML reports in the Scalastyle format for both Scalastyle and Scapegoat. Setup also the storing of the generated report files in dedicated import directory(ies).
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Scala**.
   3. In the corresponding field (**Scalastyle Report Files** or **Scapegoat Report Files**), enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the corresponding analysis parameter:

* For Scalastyle : `sonar.scala.scalastyle.reportPaths`.
* For Scapegoat: `sonar.scala.scapegoat.reportPaths`.

## Swift

You can integrate the following Swift analyzer with SonarQube: Swiftlint.

To setup the import of issues generated by Swiftlint:

1. Set up the generation of the reports by Swiftlint in JSON format, and their storing in dedicated import directory(ies).\
   Command example:

```
swiftlint lint --reporter json > swiftlint.json
```

2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Swift**.
   3. In **SwiftLint Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.swift.swiftLint.reportPaths`.

## Terraform

You can integrate the following Terraform analyzer with SonarQube: TFLint.

To setup the import of issues generated by TFLint:

1. Set up the generation of the reports by TFLint, and their storing in dedicated import directory(ies).
2. Set up the import of the generated report files by SonarQube:

   1. In SonarQube, retrieve your project.
   2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **Terraform**.
   3. In **TFLint Report Files**, enter the list of import directories or files. This parameter accepts a comma-delimited list of paths. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started) or absolute.
   4. Save.

   Alternatively, define on the CI/CD host the analysis parameter `sonar.terraform.tflint.reportPaths`.

## VB.NET

Issues from third-party Roslyn analyzers (including Roslyn analyzers provided by Microsoft) are included in the MSBuild output and imported by default into SonarQube so no properties exist to enable that behavior. Instead, properties are available to adjust the import and to *stop* importing those issues.

{% hint style="warning" %}
Roslyn issues with an *error* severity automatically fail the build, and it is not recommended to run the SonarScanner for .NET’s end step if the MSBuild step fails for any reason because it will result in an essentially empty analysis, which will close all outstanding issues in the project. See Configuring the scanner for .NET for more information.
{% endhint %}

<details>

<summary>To disable the import</summary>

1. In SonarQube, retrieve your project.
2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **VB.NET**.
3. Select the **Ignore issues from external Roslyn analyzers** option.
4. Save.

Alternatively, set the `sonar.vbnet.roslyn.ignoreIssues` analysis parameter to `true` on the CI/CD host.

</details>

<details>

<summary>To adjust the import</summary>

1. In SonarQube, retrieve your project.
2. Go to **Project Settings** > **General Settings** > **External Analyzers** > **C#**.
3. Adjust the parameters listed in the table below.
4. Save.

Alternatively, set the corresponding sonar properties on the CI/CD host.

<table><thead><tr><th width="150">Parameter</th><th>Sonar property</th><th>Description</th></tr></thead><tbody><tr><td><strong>Rule categories associated with Bugs</strong></td><td><code>sonar.vbnet.roslyn.bugCategories</code></td><td>Comma-delimited list of categories whose issues should be classified as Bugs in Standard Experience or Reliability issues in MQR mode.</td></tr><tr><td><strong>Rule categories associated with Vulnerabilities</strong></td><td><code>sonar.vbnet.roslyn.vulnerabilityCategories</code></td><td>Comma-delimited list of categories whose issues should be classified as Vulnerabilities issues in Standard Experience or Security in MQR mode.</td></tr><tr><td><strong>Rule categories associated with Code Smells</strong></td><td><code>sonar.vbnet.roslyn.codeSmellCategories</code></td><td>Comma-delimited list of categories whose issues should be classified as Code Smells in Standard Experience or Maintainability issues in MQR mode.</td></tr></tbody></table>

</details>

For information about the Standard Experience or MQR mode, see [standard-experience](https://docs.sonarsource.com/sonarqube-server/instance-administration/analysis-functions/instance-mode/standard-experience "mention") and [mqr-mode](https://docs.sonarsource.com/sonarqube-server/instance-administration/analysis-functions/instance-mode/mqr-mode "mention").

## YAML

You can integrate the Spectral analyzer with SonarQube Server.

To set up the import of issues generated by Spectral:

1. Set up the generation of the reports by Spectral and their storing in dedicated import directory(ies).
2. Set up the import of the generated report files by SonarQube Server:
   1. Go to *Your Project* > **Project settings** > **General Settings** > **External Analyzers** > **YAML**.
   2. In **Spectral Report Files**, enter the list of import directories or files. A path definition is either relative to the `sonar.projectBaseDir` analysis parameter (which is by default the directory from which the analysis was started), or absolute. SARIF and JSON formats are supported.
   3. Save.

Alternatively, define the `sonar.yaml.spectral.reportPaths` parameter on the CI/CD host.

## Related pages

[about-external-issues](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/importing-external-issues/about-external-issues "mention")\
[generic-issue-import-format](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/importing-external-issues/generic-issue-import-format "mention")\
[importing-issues-from-sarif-reports](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/importing-external-issues/importing-issues-from-sarif-reports "mention")\
[integration-with-external-analyzers](https://docs.sonarsource.com/sonarqube-server/instance-administration/analysis-functions/integration-with-external-analyzers "mention")