To be integrated with Space, the code analysis tool must run on your CI server and be able to generate and export reports as a SARIF-formatted .json file. Examples include Qodana, GitHub CodeQL, and lighter language-specific linters (such as ESLint/TSLint for JavaScript/TypeScript, KtLint for Kotlin, Clippy for Rust, Roslyn Analyzers for C#) that support the SARIF export format either directly or with add-on packages.
The Space HTTP API has a dedicated endpoint that accepts code analysis reports as a SARIF-formatted .json file generated by a code analysis tool for modified code fragments.
The way you set up the integration depends on the specifics of your CI server and code analysis tool, but the general principles remain the same:
An automated job or pipeline is set up on your CI server to run when a new merge request is created or a commit is pushed to an existing merge request.
The job is triggered by a webhook configured on the Space end or, as an alternative, by polling your Space repository for changes in the branches that Space creates for each merge request, which match the regular expression refs/merge/(.*?-MR-\\d+)/head.
When triggered, the job receives the branch name, extracts the merge request ID, and requests the source and target commit IDs from the Space API.
Finally, the job launches a code analysis tool which is instructed to only analyse new changes. The resulting report is generated as a SARIF-formatted file and uploaded to Space.
Code analysis API
The Space HTTP API has a dedicated endpoint that can be used to receive SARIF reports from a code analysis tool for a specific commit:
POST /api/http/projects/{project}/code-reviews/{reviewId}/sarif/{commitId}
where
{project} is an identifier of the Space project which should display code analysis. Either a project ID or project key can be used: key:MY-PROJECT-KEY or id:my-project-id
{reviewId} is an identifier of the merge request. Either a merge request ID or number can be used: id:mr-id or number:mr-number
{commitId} is an identifier of the latest commit in the merge request: id:commit-id
A SARIF-formatted report fetched from your code analysis tool is submitted in the request body as a .json file.
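The upload step of the job described above, as an added Python example that is not part of the original documentation: it validates the webhook-supplied branch name and commit ID before placing them in the endpoint path, and checks that the report is SARIF-shaped JSON before preparing the POST. Assumptions: bearer-token authorization, a raw JSON request body, the trailing digits of the branch name being the merge request number, and the host space.example.test; all function names are hypothetical, and fetching the source and target commit IDs is left out.

```python
import json
import re
import urllib.request
from urllib.parse import quote

# Merge-request branch pattern from the page; its doubled backslash is read
# here as string-literal escaping of \d (assumption).
MR_REF = re.compile(r"refs/merge/(.*?-MR-(\d+))/head")
COMMIT_ID = re.compile(r"[0-9a-f]{40}")  # assumes full lowercase SHA-1 hashes


def merge_request_number(ref: str) -> int:
    """Return the merge request number from a webhook-supplied ref."""
    m = MR_REF.fullmatch(ref)
    if m is None:
        raise ValueError(f"not a merge request ref: {ref!r}")
    return int(m.group(2))  # only the digits ever reach the URL


def sarif_upload_url(base_url: str, project_key: str, ref: str, commit_id: str) -> str:
    """Build the upload URL, rejecting values that could alter the path."""
    if COMMIT_ID.fullmatch(commit_id) is None:
        raise ValueError("commit id must be a 40-character lowercase hex hash")
    project = quote("key:" + project_key, safe=":")  # encodes '/', '?', '#'
    number = merge_request_number(ref)
    return (f"{base_url.rstrip('/')}/api/http/projects/{project}"
            f"/code-reviews/number:{number}/sarif/id:{commit_id}")


def build_upload(url: str, token: str, sarif_text: str) -> urllib.request.Request:
    """Check that the report is SARIF-shaped JSON, then prepare the POST."""
    report = json.loads(sarif_text)  # malformed JSON raises ValueError
    if not (isinstance(report, dict) and "version" in report
            and isinstance(report.get("runs"), list)):
        raise ValueError("report lacks the SARIF 'version' and 'runs' properties")
    return urllib.request.Request(
        url,
        data=json.dumps(report).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    url = sarif_upload_url("https://space.example.test", "MY-PROJECT-KEY",
                           "refs/merge/MY-PROJECT-KEY-MR-42/head", "a" * 40)
    req = build_upload(url, "TOKEN-PLACEHOLDER", '{"version": "2.1.0", "runs": []}')
    print(req.get_method(), req.full_url)
```

Passing the returned request to urllib.request.urlopen performs the upload; the token should come from the CI server's secret store and belong to an application or user holding only the permission the upload needs.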
Authorization
This endpoint requires that the caller is granted the Report code issues for repository permission. Make sure to grant this permission to the Space application or user that will be uploading SARIF files to Space API.
To experiment with the endpoint and test your configuration, use the Space HTTP API Playground:
On the main menu, click Extensions then choose API Playground.
Under the endpoints list, select Show experimental API.
In the endpoint search field, type sarif and click Upload SARIF report for merge request. The SARIF endpoint will be displayed.