Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add possibility to export sonarqube reports #4418

Closed
LvffY opened this issue Oct 22, 2021 · 2 comments · Fixed by #4539
Closed

Add possibility to export sonarqube reports #4418

LvffY opened this issue Oct 22, 2021 · 2 comments · Fixed by #4539
Assignees
@joaoReigota1
Labels
community Community contribution feature request Community: new feature request

Comments

@LvffY
Copy link

LvffY commented Oct 22, 2021

Describe the solution you'd like

I'm pretty sure that sonarqube is used by almost every users that use kics.

For now, Sonarqube doesn't support the SARIF reports. May be kics could add a new output report style that follows sonarqube generic issue import format that will allow users to import kics analysis into sonarqube as any other static code analysis.

Describe alternatives you've considered

  • May be a complete Sonarqube plugin about SARIF reports could be considered
  • May be a simple way to transform SARIF reports in sonarqube generic issue import format could be useful and more easy to produce. You would just add another integration section in your docs.
@LvffY LvffY added community Community contribution feature request Community: new feature request labels Oct 22, 2021
@joaoReigota1
Copy link
Collaborator

joaoReigota1 commented Nov 18, 2021
edited
Loading

Hello @LvffY
We will add a new report style that will be in json and be named sonarqube.
Regarding the structure, this is how it will look

{
    "issues": [
        {
            "engineId": "KICS v1.x.x",
            "ruleId": "<Query ID>: <Query Name>",
            "severity": "<CRITICAL, MAJOR, MINOR, INFO>",
            "type": "<VULNERABILITY, CODE_SMELL>",
            "primaryLocation": {
                "message": "<Query Description>: <Query Expected Value>",
                "filePath": "<File path>",
                "textRange": {
                    "startLine": 1
                }
            },
            "secondaryLocations": [
                "<All Other Query Ocurrences>"
            ]
        }
    ]
}

@LvffY
Copy link
Author

LvffY commented Nov 19, 2021

Hello @joaoReigota1

That would be great !

@joaoReigota1 joaoReigota1 self-assigned this Nov 19, 2021
joaoReigota1 added a commit that referenced this issue Nov 19, 2021
@joaoReigota1
feat(report): added sonarqube report (#4418)
6c9f369 
Signed-off-by: João Reigota <joao.reigota@checkmarx.com>
joaoReigota1 added a commit that referenced this issue Nov 19, 2021
@joaoReigota1
feat(report): added sonarqube report (#4418)
060b572 
Signed-off-by: João Reigota <joao.reigota@checkmarx.com>
@joaoReigota1 joaoReigota1 mentioned this issue Nov 19, 2021
Merged
joaoReigota1 added a commit that referenced this issue Nov 19, 2021
@joaoReigota1
feat(report): added sonarqube report (#4418)
c2dafc2 
Signed-off-by: João Reigota <joao.reigota@checkmarx.com>
joaoReigota1 added a commit that referenced this issue Nov 22, 2021
@joaoReigota1
feat(report): added sonarqube report (#4418) (#4539)
22c100d 
Signed-off-by: João Reigota <joao.reigota@checkmarx.com>
@LvffY LvffY mentioned this issue Nov 25, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joaoReigota1 joaoReigota1

Labels
community Community contribution feature request Community: new feature request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(report): added sonarqube report (#4418) Checkmarx/kics
2 participants
@LvffY @joaoReigota1