Output SonarQube reports about insider HOT 5 OPEN

Hi @cynthiabaran , really sorry for delay. About the timestamps on report, the insider have a -force flag that generate reports without timestamp and will override existent report files.

About the sonarqube report, I think that we should create a new flag -format for example, and specify a type of output report, something like this:
$ insider -tech javascript -target <dir> -format sonarqube
This will generate a report in sonarqube format, if this flag is not informed, we generate the "default" report that we generate today. What do you think? And again, sorry for delay.

from insider.

Hey @cynthiabaran
I liked your naming convention sugestion.

What do you think guys @hermescanutodesouza @bieeldeveloper @GouveaHeitor

from insider.

Hi @cynthiabaran,

First of all, I would like to thank you for opening this issue!
This kind of functionality is very interesting, I believe that we can work on that...
But, if you find it interesting, feel free to open a PR with this implementation, it will be very welcome!

Thx!

from insider.

I actually did it 3 days ago, but one day later you guys released v2 😅
Sooo I'll have to rewrite some stuff, but probably I'll be able to contribute. This feature is important for us.

You okay with my suggestion for the naming convention of the rules' ids?

from insider.

Another issue worth discussing is the name of the SonarQube report.

I just noticed that in v2 you've added a timestamp to the name of the report file. That's kind of an issue when adding this tool to automatic CI pipelines, since it requires extra work for the pipeline script to figure out the name of the report to send to SonarQube.

Off the top of my head, I think we could output a fixed filename such as report-sonarqube.json, dropping the timestamp for the SonarQube report. That is easy to implement, and we don't really need an unique timestamp for SonarQube reports since it keeps track of all analysis for us.

Any thoughts?

from insider.