-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new output format for sonarqube #106
Comments
I really like the concept behind this (also thank you for the MR, looks awesome!), but I have one high level concern - it would probably be best to avoid vendor lock-in within the codebase. Looking through your code changes, it seems like there is a lot of base level code implemented to support Sonarqube in Sobelow. I can think of a few other formats that I think it would be beneficial to support (e.g. SIEM integrations) and instead of going down the rabbit hole of supporting each one, it might be better to take a more generic approach by allowing for Sobelow configuration files to define the outputted object. Still a rough idea in my head, so I'd be curious to hear your thoughts @juancgalvis. |
Hi @houllette, Sorry for not responding sooner, I was on other topics, returning to this idea. If you look at the changed code base, what I proposed was to generate an abstraction using a behavior called
In reality the code base does not change, only the formatter changes given the format by parameter. If you want, I can add strictly the sonarqube minimum required changes |
Hey @juancgalvis - welcome back to the project! 😄 I had looked at the code at the time and what I was mainly referring to in my comment was the hardcoded references to Sonarqube in order to support functionality. I think the abstractions you made to general the I think if instead of it being specifically built out modules required for every SIEM format we want to support, if the Additionally, this could be a good candidate for something like a plugin mechanism as suggested in #94 - where new features may require more code changes to / lower level interactions with Sobelow to support it, but we wish to avoid clogging up core components with one-off functionality. As a final note - it has been a hot minute since your original PR and the code base has undergone quite a bit of changes / upkeep since I've taken over maintaining it, so I would recommend starting from a fresh fork if this is something you wish to keep working on! |
That's clear, sure I can work from a new base of code having your position clear, thanks. |
It would be very useful if the sobelow task could generate the output in sonarqube format, following the generic issues structure of sonarqube, I am interested in contributing and I have advance work, what do you think of this feature? I would really appreciate it if you would accept it.
The basic idea is to have the next task parameter value for the option
--format, -f
The text was updated successfully, but these errors were encountered: