search

stoplightio / spectral

A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI (v3.1, v3.0, and v2.0), Arazzo v1.0, as well as AsyncAPI v2.x.
https://stoplight.io/spectral
Apache License 2.0
2.48k stars 233 forks source link

Integrate Spectral with Sonarqube #2462

Open michaelsonnleitner opened 1 year ago

michaelsonnleitner commented 1 year ago

User story. As a Developer, I would like to get issues displayed in Sonarqube if my openapi spec does not apply to the provided spectral ruleset.

Is your feature request related to a problem? Sonarqube is a common tool in java developer lifecycle and has no Openapi Rules per default. There are also no additional plugins available which would do that job. So currently no openapi yamls can be checked. Spectral can lint openapi yamls but has no integration to sonarqube.

Describe the solution you'd like create an sonarqube plugin which integrates spectral during code analyse.

lhimstedt commented 1 year ago

That would be awesome. We like the spectral linter and its customization features. Previously, we used the Gitlab CodeQuality feature and wrote a script to parse the spectral output; I wonder if there is a feature like this in Sonarqube. Else, a plugin would be super helpful.

smsalisbury commented 4 months ago

I haven't used it, but SonarQube can include sarif reports and spectral can output as a sarif report.