This version of the SonarQube documentation is no longer maintained. It relates to a version of SonarQube that is not active.

See latest version
Start Free
10.3 | Analyzing source code | Importing external issues | Generic formatted reports

Generic formatted issue reports

On this page

If your third-party analyzer is not supported by SonarQube then you can import the reports by using the SonarQube generic issue format. No plugin is required. 

The external issues will be taken into account by SonarQube in the analysis report, but the rules corresponding to these issues will not be visible on the Rules page nor reflected in quality profiles. This means that the rules that raise external issues must be managed in your third-party tool. 

Setting up the import

  1. Set up the generation of the third-party reports in the generic issue format according to the specifications below.
  2. Set up the import of the report files by defining the analysis parameter sonar.externalIssuesReportPaths on the CI/CD host with the list of import directories or files. to define the list of report files to be imported during your project analysis. This parameter accepts a comma-delimited list of paths (A file path definition is either relative to the sonar.projectBaseDir property, which is by default the directory from which the analysis was started, or absolute.).

Generic issue format specifications

The issues report must contain, an array of Rule objects (rules) and an array of Issue objects. The figure below shows the different object types involved. The report fields for each object type are listed in the table below. For information about Clean Code attribute, software quality, impact, and severity, see Clean Code.

List of report fields

The table below lists the fields by object type of the generic issue report format.

ObjectField                              FormatDescriptionMandatory
RuleidstringRule identifier.x

namestringRule name.x

descriptionstringRule description.

cleanCodeAttributestring

Clean code attribute associated with the rule (code characteristic checked by the rule). 

Possible values:

  • FORMATTED
  • CONVENTIONAL
  • etc.
    See the Clean Code page for the complete list.
x

impactsArray of Impact objectsList of software qualities to which the rule’s Clean Code attribute contributes with a specific impact. x

issuesArray of Issue objectsList of issues raised by the rule.x
IssueprimaryLocationLocation objectPrimary location of the issue in the code.x

effortMinutesstringEvaluated issue solving time in minutes.
Default value: 0


secondaryLocationsArray of Location objectsSecondary locations of the issue in case several places in the code are concerned.
ImpactsoftwareQualitystring

Software quality. 

Possible values:

  • MAINTAINABILITY
  • RELIABILITY
  • SECURITY
x

severitystring

Associated level of impact. This level corresponds to the severity level of an issue raised through the rule.

Possible values:

  • HIGH
  • MEDIUM
  • LOW
x
LocationmessagestringText message displayed at the location and describing the issue.x

filePathstringObject used to locate the code to which the issue refers inside a file.x

textRangeTextRange objectObject used to locate the code to which the issue refers inside a file.For secondary locations only
TextRangestartLinestringStart line of the code to which the issue refers.x

endLinestringEnd line of the code to which the issue refers.

startColumnstringStart column of the code to which the issue refers.

endColumnstringEnd column of the code to which the issue refers.

Report file example

Below is an example of the expected format.


{
  "rules": [
    {
      "id": "rule1",
      "name": "just_some_rule_name",
      "description": "just_some_description",
      "engineId": "test",
      "cleanCodeAttribute": "FORMATTED",
      "impacts": [
        {
          "softwareQuality": "MAINTAINABILITY",
          "severity": "HIGH"
        },
        {
          "softwareQuality": "SECURITY",
          "severity": "LOW"
        }
      ]
    },
    {
      "id": "rule2",
      "name": "just_some_other_rule_name",
      "description": "just_some_description",
      "engineId": "test2",
      "cleanCodeAttribute": "IDENTIFIABLE",
      "impacts": [
        {
          "softwareQuality": "RELIABILITY",
          "severity": "LOW"
        }
      ]
    }
  ],
  "issues": [
    {
      "ruleId": "rule1",
      "effortMinutes": 40,
      "primaryLocation": {
        "message": "fix the issue here",
        "filePath": "file1.js",
        "textRange": {
          "startLine": 1,
          "startColumn": 2,
          "endLine": 3,
          "endColumn": 4
        }
      }
    },
    {
      "ruleId": "rule1",
      "primaryLocation": {
        "message": "fix the bug here",
        "filePath": "file2.js",
        "textRange": {
          "startLine": 3
        }
      }
    },
    {
      "ruleId": "rule1",
      "primaryLocation": {
        "message": "fix the bug here",
        "filePath": "file3.js"
      }
    },
    {
      "ruleId": "rule1",
      "primaryLocation": {
        "message": "fix the bug here",
        "filePath": "file3.js"
      },
      "secondaryLocations": [
        {
          "message": "fix the bug here",
          "filePath": "file1.js",
          "textRange": {
            "startLine": 1
          }
        },
        {
          "filePath": "file2.js",
          "textRange": {
            "startLine": 2
          }
        }
      ]
    },
    {
      "ruleId": "rule2",
      "effortMinutes": 40,
      "primaryLocation": {
        "message": "fix the bug here",
        "filePath": "file3.js"
      },
      "secondaryLocations": [
        {
          "message": "fix the bug here",
          "filePath": "file1.js",
          "textRange": {
            "startLine": 1
          }
        },
        {
          "filePath": "file2.js",
          "textRange": {
            "startLine": 2
          }
        }
      ]
    }
  ]
}

Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License