
Sonarqube output files not loading external issues correctly when pulled into scanner #990

Open
adsk-mcnultt opened this issue Dec 1, 2023 · 0 comments
adsk-mcnultt commented Dec 1, 2023

  • This is a bug report
  • I searched existing issues before opening this one

Expected behavior

Sonarqube scanner imports external issues correctly and displays them.

Actual behavior

The file is detected and opened but no issues are imported.

Sonar output

18:21:15.830 INFO: Sensor Import external issues report
18:21:15.831 DEBUG: Importing issues from './hado-out.json'
18:21:15.837 INFO: Imported 0 issues in 0 files
18:21:15.838 INFO: External issues ignored for 1 unknown files, including: -

hado-out.json

{
  "issues": [
    {"engineId":"Hadolint","primaryLocation":{"filePath":"-","message":"Always tag the version of an image explicitly","textRange":{"endColumn":1,"endLine":4,"startColumn":0,"startLine":4}},"ruleId":"DL3006","severity":"MAJOR","type":"CODE_SMELL"},
    {"engineId":"Hadolint","primaryLocation":{"filePath":"-","message":"Last USER should not be root","textRange":{"endColumn":1,"endLine":6,"startColumn":0,"startLine":6}},"ruleId":"DL3002","severity":"MAJOR","type":"CODE_SMELL"},
    {"engineId":"Hadolint","primaryLocation":{"filePath":"-","message":"Use absolute WORKDIR","textRange":{"endColumn":1,"endLine":13,"startColumn":0,"startLine":13}},"ruleId":"DL3000","severity":"CRITICAL","type":"BUG"},
    {"engineId":"Hadolint","primaryLocation":{"filePath":"-","message":"Do not use apt as it is meant to be a end-user tool, use apt-get or apt-cache instead","textRange":{"endColumn":1,"endLine":15,"startColumn":0,"startLine":15}},"ruleId":"DL3027","severity":"MAJOR","type":"CODE_SMELL"},
    {"engineId":"Hadolint","primaryLocation":{"filePath":"-","message":"Multiple consecutive `RUN` instructions. Consider consolidation.","textRange":{"endColumn":1,"endLine":41,"startColumn":0,"startLine":41}},"ruleId":"DL3059","severity":"MINOR","type":"CODE_SMELL"},
    {"engineId":"Hadolint","primaryLocation":{"filePath":"-","message":"Multiple consecutive `RUN` instructions. Consider consolidation.","textRange":{"endColumn":1,"endLine":42,"startColumn":0,"startLine":42}},"ruleId":"DL3059","severity":"MINOR","type":"CODE_SMELL"},
    {"engineId":"Hadolint","primaryLocation":{"filePath":"-","message":"Multiple consecutive `RUN` instructions. Consider consolidation.","textRange":{"endColumn":1,"endLine":43,"startColumn":0,"startLine":43}},"ruleId":"DL3059","severity":"MINOR","type":"CODE_SMELL"},
    {"engineId":"Hadolint","primaryLocation":{"filePath":"-","message":"Always tag the version of an image explicitly","textRange":{"endColumn":1,"endLine":45,"startColumn":0,"startLine":45}},"ruleId":"DL3006","severity":"MAJOR","type":"CODE_SMELL"},
    {"engineId":"Hadolint","primaryLocation":{"filePath":"-","message":"Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`","textRange":{"endColumn":1,"endLine":62,"startColumn":0,"startLine":62}},"ruleId":"DL3013","severity":"MAJOR","type":"CODE_SMELL"}
  ]
}

Steps to reproduce the behavior

Run a hado scanner with the external issue analyzer to pull in hadolint output.

sonar-project.properties

sonar.docker.hadolint.reportPaths=./hado-out.json
sonar.externalIssuesReportPaths=./hado-out.json

My hadolint command and Dockerfiles are a few libraries and templates deep, so it's not 100% a fair representation to paste the commands I've been using, but the core linting logic looks like this.

docker pull hadolint/hadolint:latest-alpine
# Run the same tag that was pulled. The Dockerfile is fed on stdin ("-"),
# so hadolint records "-" as the filePath in the report it writes.
docker run --rm -i hadolint/hadolint:latest-alpine hadolint -f sonarqube "$@" - < "$Dockerfile" > ./hado-out.json
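The scanner log above says it ignored the issues for one unknown file named `-`, which is the filePath hadolint writes when the Dockerfile comes from stdin. The script below is an added example, not the reporter's script and not part of hadolint, SonarQube or this repository: it post-processes a report in SonarQube's generic external-issue format and rewrites every `-` filePath to the project-relative path of the Dockerfile that was linted, so the scanner can map the issues to a file it knows. The sample report, the `./docker/Dockerfile` path and the function names are all assumptions made for the example.

```python
"""Rewrite a hadolint SonarQube report so its issues point at a real file.

Added example, not part of hadolint or SonarQube. hadolint emits
filePath "-" for a Dockerfile read from stdin, and the scanner ignores
external issues whose filePath it cannot resolve in the project.
"""
import json
import os
import sys
from typing import Dict, List

# Marker hadolint uses for a file read from stdin.
STDIN_MARKER = "-"

# Constructed sample shaped like `hadolint -f sonarqube -` output,
# trimmed to two issues; not taken from any real scan.
SAMPLE_REPORT: Dict = {
    "issues": [
        {
            "engineId": "Hadolint",
            "primaryLocation": {
                "filePath": "-",
                "message": "Always tag the version of an image explicitly",
                "textRange": {"startLine": 4, "endLine": 4, "startColumn": 0, "endColumn": 1},
            },
            "ruleId": "DL3006", "severity": "MAJOR", "type": "CODE_SMELL",
        },
        {
            "engineId": "Hadolint",
            "primaryLocation": {
                "filePath": "-",
                "message": "Last USER should not be root",
                "textRange": {"startLine": 6, "endLine": 6, "startColumn": 0, "endColumn": 1},
            },
            "ruleId": "DL3002", "severity": "MAJOR", "type": "CODE_SMELL",
        },
    ]
}


def unresolved_paths(report: Dict) -> List[str]:
    """Distinct primary filePaths that are the stdin marker, i.e. the files
    the scanner would list as unknown. Order of first appearance is kept."""
    seen: List[str] = []
    for issue in report.get("issues", []):
        path = issue["primaryLocation"].get("filePath")
        if path == STDIN_MARKER and path not in seen:
            seen.append(path)
    return seen


def rewrite_report(report: Dict, dockerfile: str, base_dir: str = ".") -> Dict:
    """Return a copy of the report with every "-" filePath (primary and any
    secondary locations) replaced by the Dockerfile path relative to base_dir,
    using forward slashes as the scanner expects. The input is not modified."""
    rel = os.path.relpath(dockerfile, base_dir).replace(os.sep, "/")
    fixed = json.loads(json.dumps(report))  # deep copy via a JSON round-trip
    for issue in fixed.get("issues", []):
        locations = [issue["primaryLocation"]] + issue.get("secondaryLocations", [])
        for loc in locations:
            if loc.get("filePath") == STDIN_MARKER:
                loc["filePath"] = rel
    return fixed


def main(argv: List[str]) -> int:
    """Usage: fix_report.py <hado-out.json> <path/to/Dockerfile> [base_dir]
    Writes the rewritten report to stdout; exit 1 on bad arguments."""
    if len(argv) not in (3, 4):
        sys.stderr.write(main.__doc__ + "\n")
        return 1
    with open(argv[1], encoding="utf-8") as fh:
        report = json.load(fh)
    base_dir = argv[3] if len(argv) == 4 else "."
    json.dump(rewrite_report(report, argv[2], base_dir), sys.stdout, indent=2)
    sys.stdout.write("\n")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it between the hadolint step and the scanner, with `base_dir` set to the directory `sonar.projectBaseDir` points at, and feed the rewritten file to `sonar.externalIssuesReportPaths`. The other way to get a real path is to mount the Dockerfile into the container and pass its path to hadolint instead of `-`, so hadolint writes the path itself; the rewrite is useful when the pipeline only has the file on stdin.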
