1.0.2 • Published 1 year ago

sonarqube-report-generation v1.0.2

License
MIT

Install

npm i trivy-to-sonarqube -g

Generate a Trivy report (use the scan type that applies; each command writes trivy-report.json)

trivy fs --ignorefile .trivyignore -f json -o trivy-report.json .
trivy config --ignorefile .trivyignore -f json -o trivy-report.json .
trivy image --ignorefile .trivyignore -f json -o trivy-report.json my-docker-image

Convert the report to the SonarQube generic issue format

trivy-to-sonarqube -f trivy-report.json -o ./my-sonarqube-report.json

Run sonar-scanner with additional params, pointing sonar.externalIssuesReportPaths at the converted report

 sonar-scanner \
      -Dsonar.projectKey=MyProject \
      -Dsonar.host.url=my-host.com \
      -Dsonar.login=${SONARQUBE_TOKEN} \
      -Dsonar.sources=. \
      -Dsonar.externalIssuesReportPaths=./my-sonarqube-report.json