Changing instance mode does not affect API responses

mt-ib · February 24, 2025, 11:09am

Hi, we’re trying out SonarQube Server Enterprise v2025.1.
According to the documentation here, we can switch between Standard Experience and MQR mode. Switching the modes updates the data displayed in the Web UI as expected. However, the GET api/projects/export_findings endpoint returns data in the newer MQR format regardless of which mode is set, same as response example in the API docs:

{
  "export_findings": [
    {
      ...
      "issueStatus": "OPEN",
      ...
      "cleanCodeAttribute": "CLEAR",
      "cleanCodeAttributeCategory": "INTENTIONAL",
      "impacts": [
        {
          "softwareQuality": "SECURITY",
          "severity": "HIGH"
        }
      ]
    },
    ...
  ]
}

The latest changelog entry in the API docs for that endpoint states: 10.8 'type' and 'severity' fields are not deprecated anymore. Based on that it seems that those fields should still be returned. As this is contradictory, it is not clear if current behavior is intended or if this is a bug.

Colin · February 24, 2025, 2:20pm

Hey @mt-ib

As far as I can tell, type and severity are still returned! From my instance:

{
  "export_findings": [
    {
      "key": "b61c656f-d208-44d5-927e-65349a42e4d9",
      "projectKey": "test",
      "branch": "main",
      "path": "token.js",
      "lineNumber": "1",
      "message": "Make sure this Alibaba Cloud Access Key ID gets revoked, changed, and removed from the code.",
      "status": "OPEN",
      "issueStatus": "OPEN",
      "createdAt": "2025-02-24T15:09:22+0100",
      "updatedAt": "2025-02-24T15:09:22+0100",
      "ruleReference": "secrets:S6336",
      "cleanCodeAttribute": "TRUSTWORTHY",
      "cleanCodeAttributeCategory": "RESPONSIBLE",
      "impacts": [
        {
          "softwareQuality": "SECURITY",
          "severity": "BLOCKER"
        }
      ],
      "comments": [],
      "type": "VULNERABILITY",
      "severity": "BLOCKER",
      "effort": "30",
      "tags": "cwe"
    }
  ]
}

Is there a specific rule you’re facing this issue on?

mt-ib · February 24, 2025, 2:49pm

Hey thank you and sorry, I somehow completely overlooked the status and severity fields in the response, they are indeed present. The newly introduced fields took my focus completely.

system · March 3, 2025, 2:50pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.