Add parser for Sonarqube JSON result. #9366

Merged
merged 13 commits into from
Jan 31, 2024

Contributor

@biennd279 biennd279 commented Jan 19, 2024

Description

Sonar-report has JSON results. I think using JSON results from the sonar-report parser proves more stable than HTML.

I implemented the JSON Sonarqube result parser. I only parse the Issue (Vuln) and Rule from the JSON; other logic I reuse from the HTML result to keep results in sync.

Test results

I added a unit test to find 0, 1, and many other findings. Other logic is reused from the HTML result, so I didn't add test cases.

Documentation

This parser works with the --save-report-json option of sonar-report and has the same behavior as the HTML report.
JSON format works well with sonar-report version >= 3.1.2.

Checklist

This checklist is for your information.

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is flake8 compliant.
  • Your code is python 3.11 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add the proper label to categorize your PR.
  • Add applicable tests to the unit tests.


dryrunsecurity bot commented Jan 19, 2024

Contextual Security Analysis

As DryRun Security performs checks, we’ll summarize them here. You can always dive into the detailed results in the section below for checks.

Status DryRun Security Check
AI-powered Sensitive Function Check
Configured Sensitive Files Check
AI-powered Sensitive Files Check


@biennd279 biennd279 changed the base branch from master to dev January 19, 2024 10:30
@biennd279 biennd279 force-pushed the topic-add-sonar-report-json-parser branch from 6d8a87a to fa7c04b Compare January 19, 2024 10:32
@biennd279 biennd279 changed the title WIP: [Parser] Add Sonarqube parser for JSON result. WIP: [Parser] Add parser for Sonarqube JSON result. Jan 19, 2024
@biennd279 biennd279 changed the title WIP: [Parser] Add parser for Sonarqube JSON result. Add parser for Sonarqube JSON result. Jan 19, 2024
@biennd279 biennd279 changed the title Add parser for Sonarqube JSON result. WIP: Add parser for Sonarqube JSON result. Jan 19, 2024
@biennd279 biennd279 changed the title WIP: Add parser for Sonarqube JSON result. Add parser for Sonarqube JSON result. Jan 19, 2024
@mtesauro
Contributor

@biennd279 Can you address the ruff linter issues so this can be approved and merged?

@biennd279
Contributor Author

biennd279 commented Jan 29, 2024

> @biennd279 Can you address the ruff linter issues so this can be approved and merged?

I have just merged with the dev branch. I think that will be okay with #9364.

Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit 25df450 into DefectDojo:dev Jan 31, 2024
122 checks passed
@biennd279 biennd279 deleted the topic-add-sonar-report-json-parser branch February 20, 2024 07:36
6 participants