What am I trying to accomplish?
I need to build and maintain an accurate inventory of which repositories are being analyzed by SonarQube. While the web UI shows which VCS repository (GitHub/Azure/GitLab) each project is bound to, this information isn’t available in the API. Adding this metadata to the API would enable automated discovery and validation of repository coverage.
Why does this matter?
Organizations need to track and validate their development tooling coverage. Without VCS binding data in the API:
- We can’t automatically verify all repositories are being analyzed
- We must manually check the web UI to map projects to repositories
- Integration with asset management systems requires manual data entry
- Compliance tracking and reporting require manual effort
How would it look in SonarCloud?
The /api/projects/search endpoint response would include new fields for each project:
{
  "organization": "my-org",
  "key": "my-org_my-repo",
  "name": "My Repository",
  "vcs": {
    "provider": "github",
    "repository": "my-org/my-repo",
    "url": "https://github.com/my-org/my-repo"
  }
}
How would we know it works well? Success metrics:
- API returns same VCS data shown in web UI
- Data format supports all VCS providers
- Response includes enough detail to uniquely identify repositories
- Performance impact on API is minimal
Why should it be a priority?
As teams scale their use of SonarCloud across hundreds of repositories, manual tracking becomes unsustainable. This API enhancement would:
- Reduce manual effort in inventory management
- Enable automated validation of analysis coverage
- Support integration with asset management tools
- Help teams ensure complete code quality coverage
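
The coverage check this request would enable, as an added example that is not part of the original post and not SonarSource code: it reconciles project records in the proposed response shape against a repository inventory. The `vcs` field is the hypothetical field proposed above, and the sample data, `repo_id` and `reconcile` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data. The "vcs" object is the field this request proposes;
# it is an assumption and is not returned by the current API.
SAMPLE_PROJECTS = [
    {"organization": "my-org", "key": "my-org_my-repo", "name": "My Repository",
     "vcs": {"provider": "github", "repository": "my-org/my-repo",
             "url": "https://github.com/my-org/my-repo"}},
    {"organization": "my-org", "key": "my-org_my-repo-copy", "name": "Copy",
     "vcs": {"provider": "GitHub", "repository": "My-Org/My-Repo",
             "url": "https://github.com/my-org/my-repo"}},
    {"organization": "my-org", "key": "my-org_manual", "name": "Manual Project"},
]
# Constructed inventory, e.g. exported from the VCS host or an asset system.
SAMPLE_INVENTORY = [("github", "my-org/my-repo"), ("github", "my-org/billing"),
                    ("gitlab", "my-org/my-repo")]


def repo_id(provider, repository):
    """Normalize to a comparable (provider, repository) identity.

    Assumes the host treats repository paths case-insensitively.
    """
    repo = repository.strip().lower().removesuffix(".git").strip("/")
    return provider.strip().lower(), repo


def reconcile(projects, inventory):
    """Compare bound projects against the expected repository inventory."""
    bound = defaultdict(list)   # repo identity -> project keys bound to it
    unbound = []                # projects with no usable VCS binding
    for project in projects:
        vcs = project.get("vcs") or {}
        if vcs.get("provider") and vcs.get("repository"):
            ident = repo_id(vcs["provider"], vcs["repository"])
            bound[ident].append(project["key"])
        else:
            unbound.append(project["key"])
    expected = {repo_id(p, r) for p, r in inventory}
    return {
        "unanalyzed": sorted(expected - set(bound)),     # repos with no project
        "unknown_repos": sorted(set(bound) - expected),  # bound but not in inventory
        "duplicates": {k: v for k, v in bound.items() if len(v) > 1},
        "unbound_projects": unbound,
    }
```

The same repository path under two providers stays distinct here, which is why the provider has to be part of the identity for repositories to be uniquely identifiable.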