My team is currently working on internal structures to monitor our license usage more closely, given the high number of components we manage. During this process, we encountered some inconsistencies that we would appreciate your clarification on.
When using endpoint X (detailed below), we receive a JSON file with license consumption details per project. However, summing project[“linesOfCode”] across all returned projects results in a discrepancy of over 150K lines compared to the total shown in the license endpoint Y.
Also, out of over N projects registered in our Sonar instance, only about N/2 are returned by endpoint X. Initially, we assumed this was due to many projects being empty (not analyzed, created through APIs), but even after accounting for that, over 100 empty projects are still missing from the count. We assumed that only already analyzed components were counted in endpoint Y, but we have not received clarification on the criteria for a component to appear in the response from endpoint X.
Given this, we would like to ask:
How can we gain real-time visibility into our license usage without relying solely on endpoint Y? Isn’t there any view that offer a individual component perspective?
What are the exact criteria for a component to be included in the list returned by endpoint X?
For license enforcement purposes, which value is used: the sum of linesOfCode from endpoint X, or the total shown in endpoint Y?
We appreciate your support in helping us better understand and manage our license usage.
I just hit GET api/projects/license_usage on one of our internal instances and I’m also seeing only a selection of projects returned. That’s now how it should work – all projects should be returned. I’m flagging this for the team as a bug!
When everything is working correctly, the sum of linesOfCode returned by Endpoint X should equal Endpoint Y.
Hello @balbi_andre thanks for raising this.
For license enforcement purposes, the value returned from endpoint Y is the one used.
The endpoint X when introduced was based on a much more expensive database query, and it is supposed to provide the correct values project by project.
While checking the endpoint for version 2025.1 I noticed that its logic was changed in order to make it faster, I will check in details how projects can be filtered out from the response.
Because that was not the behavior when the endpoint was initially introduced.
I will check this internally with the squad that worked on the updated logic and I will come back to you.
@balbi_andre while checking again this topic I realized that I am missing one thing about the discrepancy.
Is that positive or negative? Are you getting more lines of code using endpoint X or Y?
Hi Matteo, Andre isn’t working with us anymore.
It’s a bad thing, we are getting more lines in the Y endpoint, which is the one that, when hits the limit, blocks sonar Scans.
But we don’t believe that it is wrong, is just that we use the endpoint X to track usage, and since it’s incomplete, we don’t know if there is a single project missing responsible for that ammount of diference or multiple small ones.
Thanks @DavidKirschBV, yes I confirm that it is not wrong, but with this information I can try to better understand why the Y endpoint is returning you less stuff.
In a perfectly normal scenario, the two endpoints return the exact same value.
Is this discrepancy constant? Does it fluctuate over time?
Sorry @DavidKirschBV for not following up this topic.
I did not manage to reproduce at all, but of course the issue on your side is a clear indicator that something is wrong.
I logged this ticket now, but to be honest at the moment is not ready to be worked on since it is not clear what is condition that makes the two endpoint values diverge.
In any case you can follow the ticket, this is the typical stuff that we try to fix before releasing a new LTA version.
Another test I can suggest, would it be possible to run a new analysis on one of the projects not being returned by the api/projects/license_usage endpoint?
Because I would expect that the discrepancy is related to project not showing up there.
I checked here, we do have around 600 components of technology Karate that run through sonar weekly, only one shows in the api/projects/license_usage currently. Their names start with “karate”, so a ctrl+f returns only 3 results, 2 for the same object of one component and 1 result for another component that was with the wrong key.
Peach at the moment is running on version 2025.4.1 but I am not aware of any change performed in the calculation of the values from both endpoint happening between version 2025.1 and 2025.4.
I am going to ask full access to that instance since at the moment I don’t have the access rights needed to try to reproduce this issue.
Apparently as mentioned by Colin even in that instance the discrepancy in not visible anymore.
I will add my findings to the Jira and I will update also this post as soon as I manage to have at least a reproducer of the problem.
