Generic formatted issue reports
On this page
If your third-party analyzer is not supported by SonarQube Server then you can import the reports by using the SonarQube Server generic issue format. No plugin is required.
The external issues will be taken into account by SonarQube Server in the analysis report, but the rules corresponding to these issues will not be visible on the Rules page nor reflected in quality profiles. This means that the rules that raise external issues must be managed in your third-party tool.
Setting up the import
- Set up the generation of the third-party reports in the generic issue format according to the specifications below.
- Set up the import of the report files by defining the analysis parameter
sonar.externalIssuesReportPathson the CI/CD host with the list of import directories or files. to define the list of report files to be imported during your project analysis. This parameter accepts a comma-delimited list of paths (A file path definition is either relative to thesonar.projectBaseDirproperty, which is by default the directory from which the analysis was started, or absolute.).
Generic issue format specifications
The issues report must contain, an array of Rule objects (rules) and an array of Issue objects. The figure below shows the different object types involved. The report fields for each object type are listed in the table below. For information about Clean Code attribute, software quality, and impact, see Clean Code.
The generic issue format has changed with SonarQube Server 10.3. The previous format is deprecated. If you use it, SonarQube Server will apply the following default values:
- For the
cleanCodeAttributefield: CONVENTIONAL - For the
softwareQualityfield: MAINTAINABILITY - For the
severityfield: MEDIUM
If you use SonarQube Server 10.8 or. later, you must use the latest generic issue format as outlined below. Otherwise, all issues will appear with Maintainability set to Medium in MQR Mode.
If you are switching between Standard Experience and MQR Mode, see Changing instance modes for more information about how it might affect your metrics and workflow.
List of report fields
The table below lists the fields by object type of the generic issue report format.
| Object | Field | Format | Description | Mandatory |
|---|---|---|---|---|
| Rule | id | string | Rule identifier. | x |
name | string | Rule name. | x | |
description | string | Rule description. | ||
engineId | string | Identifier of the third-party analyzer that provides the rule. | x | |
cleanCodeAttribute | string | Clean Code attribute associated with the rule (code characteristic checked by the rule). Possible values:
| x | |
impacts | Array of Impact objects | List of software qualities to which the rule’s Clean Code attribute contributes with a specific impact severity. | Optional, if type and severity are provided. | |
| string | Rule type Possible values:
| Optional, if impact is provided. | |
severity | string | Rule severity. Possible values:
| Optional, if impact is provided. | |
| Issue | primaryLocation | Location object | Primary location of the issue in the code. | x |
effortMinutes | integer | Evaluated issue solving time in minutes. Default value: 0 | ||
secondaryLocations | Array of Location objects | Secondary locations of the issue in case several places in the code are concerned. | ||
| Impacts | softwareQuality | string | Software quality. Possible values:
| x |
severity | string | Associated level of impact. This level corresponds to the impact level of an issue raised through the rule. Possible values:
| x | |
| Location | message | string | Text message displayed at the location and describing the issue. | x |
filePath | string | Object used to locate the code to which the issue refers inside a file. | x | |
textRange | TextRange object | Object used to locate the code to which the issue refers inside a file. | For secondary locations only | |
| TextRange | startLine | integer | Start line of the code to which the issue refers. | x |
endLine | integer | End line of the code to which the issue refers. | ||
startColumn | integer | Start column of the code to which the issue refers. Note: | ||
endColumn | integer | End column of the code to which the issue refers. |
Report file example
Below is an example of the expected format.
{
"rules": [
{
"id": "rule1",
"name": "just_some_rule_name",
"description": "just_some_description",
"engineId": "test",
"cleanCodeAttribute": "FORMATTED",
"type": "CODE_SMELL",
"severity": "CRITICAL",
"impacts": [
{
"softwareQuality": "MAINTAINABILITY",
"severity": "HIGH"
},
{
"softwareQuality": "SECURITY",
"severity": "LOW"
}
]
},
{
"id": "rule2",
"name": "just_some_other_rule_name",
"description": "just_some_description",
"engineId": "test2",
"cleanCodeAttribute": "IDENTIFIABLE",
"type": "BUG",
"severity": "MINOR",
"impacts": [
{
"softwareQuality": "RELIABILITY",
"severity": "LOW"
}
]
}
],
"issues": [
{
"ruleId": "rule1",
"effortMinutes": 40,
"primaryLocation": {
"message": "fix the issue here",
"filePath": "file1.js",
"textRange": {
"startLine": 1,
"startColumn": 2,
"endLine": 3,
"endColumn": 4
}
}
},
{
"ruleId": "rule1",
"primaryLocation": {
"message": "fix the bug here",
"filePath": "file2.js",
"textRange": {
"startLine": 3
}
}
},
{
"ruleId": "rule1",
"primaryLocation": {
"message": "fix the bug here",
"filePath": "file3.js"
}
},
{
"ruleId": "rule1",
"primaryLocation": {
"message": "fix the bug here",
"filePath": "file3.js"
},
"secondaryLocations": [
{
"message": "fix the bug here",
"filePath": "file1.js",
"textRange": {
"startLine": 1
}
},
{
"filePath": "file2.js",
"textRange": {
"startLine": 2
}
}
]
},
{
"ruleId": "rule2",
"effortMinutes": 40,
"primaryLocation": {
"message": "fix the bug here",
"filePath": "file3.js"
},
"secondaryLocations": [
{
"message": "fix the bug here",
"filePath": "file1.js",
"textRange": {
"startLine": 1
}
},
{
"filePath": "file2.js",
"textRange": {
"startLine": 2
}
}
]
}
]
}Was this page helpful?
© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
