SonarQube supports a generic import format for raising "external" issues in code. It is intended to allow you to import the issues from your favorite linter even if no plugin exists for it.
External issues suffer from two important limitations:
- they cannot be managed within SonarQube; for instance, there is no ability to mark them False Positive.
- the activation of the rules that raise these issues cannot be managed within SonarQube. In fact, external rules are not visible in the Rules page or reflected in any Quality Profile.
External issues and the rules that raise them must be managed in the configuration of your linter.
The analysis parameter
sonar.externalIssuesReportPaths accepts a comma-delimited list of paths to reports.
Each report must contain, at top-level, an array of
Issue objects named
type- string. One of
severity- string. One of
effortMinutes- integer, optional. Defaults to 0
secondaryLocations- array of
TextRangeobject, optional for secondary locations only
startLine- integer. 1-indexed
endLine- integer, optional. 1-indexed
startColumn- integer, optional. 0-indexed
endColumn- integer, optional. 0-indexed
Here is an example of the expected format: