Cross-Project Summary Report

Hi all,

I love using SonarCloud. I have many repos with Sonar analysis configured. I’m looking for a way to generate a summary report ACROSS ALL Sonar PROJECTS with the following properties:

  • Project name
  • A-E for Bugs
  • A-E Vulnerabilities
  • A-E Hotspots reviewed
  • A-E Code smells
  • A-E duplications

Maybe with some additional useful properties on each grading.

I couldn’t find any report feature like this in https://sonarcloud.io/projects

I’ve tried using https://sonarcloud.io/api/projects/search?organization=xxx but this doesn’t include the A-E grading on each of the above categories. I only get:

  {
    "paging": {
      "pageIndex": 1,
      "pageSize": 100,
      "total": 45
    },
    "components": [
      {
        "organization": "...",
        "key": "...",
        "name": "...",
        "qualifier": "...",
        "visibility": "...",
        "lastAnalysisDate": "...",
        "revision": "..."
      },
      ...

I’ve also tried using https://www.npmjs.com/package/node-sonar-api

Any suggestions would be great!

Hey there.

If you’re fine with going the API route (and iterating through a list of projects), using GET api/measures/component with the right metricKeys (see documentation on Metric Definitions) should help you (sqale_rating, security_rating, reliability_rating, security_review_rating, etc.).

// https://sonarcloud.io/api/measures/component?component=maven-basic&metricKeys=sqale_rating,security_rating,reliability_rating,security_review_rating
{
   "component":{
      "id":"AX1MWN1rrurMTjyeNaqN",
      "key":"maven-basic",
      "name":"Example of basic Maven project",
      "qualifier":"TRK",
      "measures":[
         {
            "metric":"reliability_rating",
            "value":"1.0",
            "bestValue":true
         },
         {
            "metric":"security_rating",
            "value":"1.0",
            "bestValue":true
         },
         {
            "metric":"security_review_rating",
            "value":"1.0",
            "bestValue":true
         },
         {
            "metric":"sqale_rating",
            "value":"1.0",
            "bestValue":true
         }
      ]
   }
}

Thanks @Colin that worked great!

NodeJS code snippet below for others to use

// Run as an ES module: save as .mjs or set "type": "module" in package.json.
import fetch from "node-fetch";

// [[Organisation]] and [[Token]] are placeholders: replace them with your own values.
const apiRootUrl = "https://sonarcloud.io/api";

const projectsEndPoint = `${apiRootUrl}/projects/search?organization=[[Organisation]]`;
const measuresEndPoint = `${apiRootUrl}/measures`;
const measureFields = "metricKeys=sqale_rating,security_rating,reliability_rating,security_review_rating";

const settings = {
  method: "GET",
  headers: {
    Authorization: "Basic [[Token]]",
  },
};

// 1. List the organisation's projects (first page only).
fetch(projectsEndPoint, settings)
  .then((res) => {
    // Fail early on an authentication or permission error.
    if (!res.ok) {
      throw new Error(res.statusText);
    }
    return res.json();
  })
  .then((json) => {
    // 2. Request the rating measures for every project key.
    const promises = json.components.map((component) => {
      const url = `${measuresEndPoint}/component?component=${encodeURIComponent(component.key)}&${measureFields}`;
      return fetch(url, settings);
    });
    return Promise.all(promises);
  })
  .then((responses) => {
    return Promise.all(
      responses.map((response) => {
        if (response.ok) {
          return response.json();
        }
        throw new Error(response.statusText);
      })
    );
  })
  .then((measures) => {
    // 3. Print each project's name and its rating measures.
    measures.forEach((measure) => {
      console.log(measure.component.name);
      console.log(measure.component.measures);
    });
  });

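A fuller version of the snippet above, as an added example that is not part of the original posts: it follows the paging fields shown in the question, converts the numeric ratings to A-E letters (1.0 = A through 5.0 = E), and takes the token as a parameter instead of embedding it in the source. The names `toLetter`, `toRow`, `listProjects`, `summarize`, `sonarGetJson`, `fakeGetJson` and `SAMPLE` are hypothetical; the `p`/`ps` paging parameters, the token-as-username Basic scheme and Node 18+ global `fetch` are assumptions, and the sample data is constructed.

```javascript
// Rating metric keys from the thread: bugs, vulnerabilities, hotspots reviewed, code smells.
const METRICS = ["reliability_rating", "security_rating", "security_review_rating", "sqale_rating"];
// Ratings arrive as "1.0".."5.0" (1 = A ... 5 = E); "-" marks a metric with no value.
function toLetter(value) {
  const n = Math.round(Number(value));
  return n >= 1 && n <= 5 ? "ABCDE"[n - 1] : "-";
}
// One report row from the "component" object of api/measures/component.
function toRow(component) {
  const byMetric = Object.fromEntries(component.measures.map((m) => [m.metric, m.value]));
  return { project: component.name, ...Object.fromEntries(METRICS.map((k) => [k, toLetter(byMetric[k])])) };
}
// Follow paging.total so projects beyond the first page are not silently dropped.
async function listProjects(getJson, organization) {
  const all = [];
  for (let p = 1; ; p++) {
    const page = await getJson(`/projects/search?${new URLSearchParams({ organization, p, ps: 100 })}`);
    all.push(...page.components);
    const { pageIndex, pageSize, total } = page.paging;
    if (!page.components.length || pageIndex * pageSize >= total) return all;
  }
}
async function summarize(getJson, organization) {
  const rows = [];
  for (const { key } of await listProjects(getJson, organization)) {
    const qs = new URLSearchParams({ component: key, metricKeys: METRICS.join(",") });
    rows.push(toRow((await getJson(`/measures/component?${qs}`)).component));
  }
  return rows;
}

// Live transport (assumed: Node 18+ fetch); pass the token in, e.g. process.env.SONAR_TOKEN.
const sonarGetJson = (token, apiRoot = "https://sonarcloud.io/api") => async (path) => {
  const headers = { Authorization: "Basic " + Buffer.from(`${token}:`).toString("base64") };
  const res = await fetch(apiRoot + path, { headers });
  if (!res.ok) throw new Error(`${res.status} ${res.statusText} for ${path}`);
  return res.json();
};

// Constructed stand-in for the API (one project per page) so the example runs offline.
const SAMPLE = { "svc-a": { security_rating: "1.0", reliability_rating: "3.0" }, "svc-b": { security_rating: "5.0" } };
async function fakeGetJson(path) {
  const q = new URL(path, "https://example.invalid").searchParams;
  const keys = Object.keys(SAMPLE), p = Number(q.get("p")), key = q.get("component");
  if (path.startsWith("/projects/search"))
    return { paging: { pageIndex: p, pageSize: 1, total: keys.length }, components: keys.slice(p - 1, p).map((k) => ({ key: k })) };
  const measures = Object.entries(SAMPLE[key]).map(([metric, value]) => ({ metric, value }));
  return { component: { key, name: key, measures } };
}
summarize(fakeGetJson, "constructed-org").then((rows) => console.table(rows));
```

For a live run, replace the last line with `summarize(sonarGetJson(process.env.SONAR_TOKEN), "<your-organization>")`.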

Could you help me understand how to run this Node.js code?

I tried via the online compiler https://onecompiler.com and got the error below.

Output:

index.js:1
import fetch from "node-fetch";
^^^^^^

SyntaxError: Cannot use import statement outside a module
    at Module._compile (internal/modules/cjs/loader.js:895:18)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
    at Module.load (internal/modules/cjs/loader.js:815:32)
    at Function.Module._load (internal/modules/cjs/loader.js:727:14)
    at Function.Module.runMain (internal/modules/cjs/loader.js:1047:10)
    at internal/main/run_main_module.js:17:11

Does that help find code that is duplicated across projects? Suppose the same block of code is in each project once. Will that be flagged as duplicated code?

I see that we cannot comment on the following:

It looks like the feature we need was removed. However, it is important to find duplicate code across microservices. If we ignore this type of duplication, the cost of maintenance will increase, and you will have bugs corrected in some and not others. I have seen the cost of a past project “Records” at a previous company rise to millions of dollars, which was greater than what we could sell it for. It violates the “Don’t repeat yourself” (DRY) principle.