Update README with a note which describes how to import a SonarQube r…

…eport (#572)
securego · Feb 11, 2021 · 2777e50 · 2777e50
1 parent 897c203
commit 2777e50
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -300,6 +300,8 @@ file. The output format is controlled by the `-fmt` flag, and the output file is
 $ gosec -fmt=json -out=results.json *.go
 ```
 
+**Note:** gosec generates the [generic issue import format](https://docs.sonarqube.org/latest/analysis/generic-issue/) for SonarQube, and a report has to be imported into SonarQube using `sonar.externalIssuesReportPaths=artifacts/test/gosec-report.json`.
+
 ## Development
 
 ### Build