https://github.com/baloise-incubator/codeql2sonar-maven-plugin

Maven plugin parsing SARIF files created by CodeQL used for SonarQube issueReporter.

[![CI](https://github.com/baloise-incubator/codeql2sonar-maven-plugin/actions/workflows/ci.yml/badge.svg)](https://github.com/baloise-incubator/codeql2sonar-maven-plugin/actions/workflows/ci.yml)
[![CodeQL](https://github.com/baloise-incubator/codeql2sonar-maven-plugin/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/baloise-incubator/codeql2sonar-maven-plugin/actions/workflows/codeql-analysis.yml)
[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=baloise-incubator_codeql2sonar-maven-plugin&metric=alert_status)](https://sonarcloud.io/dashboard?id=baloise-incubator_codeql2sonar-maven-plugin)

# codeql2sonar-maven-plugin
This Maven plugin parses SARIF files produced by a CodeQL scan. The parsed result is handed to
SonarQube via the SonarIssueReporter goal, so the issues are displayed on the Sonar project dashboard.

## Prerequisite
In order to use this plugin properly, your Java project needs to be configured in Sonar already and connected using
___org.sonarsource.scanner.maven:sonar-maven-plugin___

## How to use
Add the following plugin to your pom.xml:
```xml
<plugin>
  <groupId>com.baloise.open</groupId>
  <artifactId>codeql2sonar-maven-plugin</artifactId>
  <version>0.1.7</version>
</plugin>
```

Run ```mvn codeql2sonar:SonarIssueReporter``` to execute the plugin.

## How to configure
### Mandatory properties
- __codeql2sonar.sarif.inputfile__: specifies the SARIF file created by the CodeQL scan

### Optional properties
- __codeql2sonar.sarif.outputfile__: location where the parsed result is written.
  _Default: target/sonar/codeql2sonar.json_
- __codeql2sonar.sarif.ignoreTests__: if set to true, resources whose artifact location contains '/test/'
  are not reported to Sonar.
  _Default: false_
- __codeql2sonar.sarif.path.excludes__: array of artifact locations to be excluded from the result.
  Regex patterns can be used here; each entry is matched according to the pattern ```.*.*```
  (i.e. with ```.*``` on both sides), and the patterns are compiled case-insensitive.

Example:
```xml
<configuration>
  <!-- the enclosing element is assumed to carry the property name;
       child element names are free for Maven array parameters -->
  <codeql2sonar.sarif.path.excludes>
    <exclude>value1</exclude>
    <exclude>value2</exclude>
  </codeql2sonar.sarif.path.excludes>
</configuration>
```
When passed on the command line with __-Dcodeql2sonar.sarif.path.excludes=__, the paths can be separated by commas, e.g.
```
-Dcodeql2sonar.sarif.path.excludes=path/subdir1,path/subdir2/
```
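
To make the SARIF-to-Sonar mapping and the two filter options concrete, here is an added Python example. It is not the plugin's own code (the plugin itself is Java); it converts a constructed SARIF fragment into SonarQube's generic issue import format (the JSON consumed via `sonar.externalIssuesReportPaths`) and applies `ignoreTests` and `path.excludes` as the README describes them. The level-to-severity and type mapping, wrapping each exclude entry in `.*...*` for a case-insensitive full match, and shifting SARIF's 1-based columns to Sonar's 0-based columns are this example's own assumptions, not documented plugin behaviour.

```python
"""Toy SARIF -> SonarQube generic issue converter mirroring the plugin's filter options."""
import json
import re

# Constructed SARIF fragment (not real CodeQL output), reduced to the fields used below.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL"}},
        "results": [
            {
                "ruleId": "java/sql-injection",
                "level": "error",
                "message": {"text": "Query built from user-controlled input."},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "src/main/java/app/UserDao.java"},
                    "region": {"startLine": 42, "startColumn": 9, "endLine": 42, "endColumn": 57}}}],
            },
            {
                "ruleId": "java/hardcoded-credential-api-call",
                "level": "warning",
                "message": {"text": "Hard-coded password used in a test fixture."},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "src/test/java/app/UserDaoTest.java"},
                    "region": {"startLine": 17}}}],
            },
            {
                "ruleId": "java/unused-variable",
                "level": "note",
                "message": {"text": "Unused local variable."},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "src/main/java/Generated/Stub.java"},
                    "region": {"startLine": 3}}}],
            },
        ],
    }],
}

# Severity mapping chosen for this example; the plugin's own mapping may differ.
LEVEL_TO_SEVERITY = {"error": "CRITICAL", "warning": "MAJOR", "note": "MINOR"}


def compile_excludes(patterns):
    """Assumption: every exclude entry is wrapped as '.*<entry>.*' and compiled case-insensitive."""
    return [re.compile(f".*{p}.*", re.IGNORECASE) for p in patterns]


def is_excluded(uri, ignore_tests, excludes):
    """Drop '/test/' locations when ignoreTests is set, then apply the regex exclude list."""
    if ignore_tests and "/test/" in uri:
        return True
    return any(rx.fullmatch(uri) for rx in excludes)


def sarif_to_sonar(sarif, ignore_tests=False, path_excludes=()):
    """Convert SARIF results into SonarQube's generic issue import format."""
    excludes = compile_excludes(path_excludes)
    issues = []
    for run in sarif.get("runs", []):
        engine = run.get("tool", {}).get("driver", {}).get("name", "codeql").lower()
        for result in run.get("results", []):
            level = result.get("level", "warning")
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                if not uri or is_excluded(uri, ignore_tests, excludes):
                    continue
                region = phys.get("region", {})
                text_range = {"startLine": region.get("startLine", 1)}
                if "endLine" in region:
                    text_range["endLine"] = region["endLine"]
                # SARIF columns are 1-based; Sonar's generic format takes 0-based columns (assumption).
                if "startColumn" in region:
                    text_range["startColumn"] = region["startColumn"] - 1
                if "endColumn" in region:
                    text_range["endColumn"] = region["endColumn"] - 1
                issues.append({
                    "engineId": engine,
                    "ruleId": result.get("ruleId", "unknown"),
                    "severity": LEVEL_TO_SEVERITY.get(level, "MAJOR"),
                    # Example's choice: error-level findings become vulnerabilities, the rest code smells.
                    "type": "VULNERABILITY" if level == "error" else "CODE_SMELL",
                    "primaryLocation": {
                        "message": result.get("message", {}).get("text", ""),
                        "filePath": uri,
                        "textRange": text_range,
                    },
                })
    return {"issues": issues}


def write_report(sarif, path, **options):
    """Write the converted report to disk, mirroring the outputfile option."""
    report = sarif_to_sonar(sarif, **options)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(report, fh, indent=2)
    return report


if __name__ == "__main__":
    # Equivalent of ignoreTests=true plus -Dcodeql2sonar.sarif.path.excludes=generated/
    print(json.dumps(sarif_to_sonar(SAMPLE_SARIF, ignore_tests=True, path_excludes=["generated/"]), indent=2))
```

With both filters active only the `UserDao.java` finding survives: the test fixture is dropped by `ignoreTests`, and `Generated/Stub.java` is caught by the case-insensitive `generated/` pattern even though the path is capitalised, which is the behaviour to expect from the plugin's case-insensitive compilation.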