Must-share information (formatted with Markdown):
- SonarQube Enterprise 10.4
- Azure Pipelines
- Get OWASP Top 10 result via API for a portfolio
  https://sonarqubeurl.abc/api/issues/search?componentKeys=Com_Discovery_Abc&facets=owaspTop10-2021&owaspTop10-2021=a1,a2,a3,a4,a5,a6,a7,a8,a9,a10
- We get an API response, but the results are different from what we see in the UI for that portfolio. We need to query this via API for our internal reporting, but the result is unreliable due to different values in the UI.
  We tried this with a Postman call.
Result output:
```
{'a7': 14, 'a3': 4, 'a9': 4, 'a1': 0, 'a2': 0, 'a4': 0, 'a5': 0, 'a6': 0, 'a8': 0, 'a10': 0}
{'a3': 1, 'a1': 0, 'a2': 0, 'a4': 0, 'a5': 0, 'a6': 0, 'a7': 0, 'a8': 0, 'a9': 0, 'a10': 0}
{'a9': 42, 'a8': 39, 'a7': 34, 'a3': 13, 'a2': 7, 'a1': 2, 'a5': 1, 'a4': 0, 'a6': 0, 'a10': 0}
{'a3': 14, 'a9': 14, 'a7': 3, 'a1': 0, 'a2': 0, 'a4': 0, 'a5': 0, 'a6': 0, 'a8': 0, 'a10': 0}
{'a3': 7, 'a9': 7, 'a5': 6, 'a2': 2, 'a7': 2, 'a10': 1, 'a1': 0, 'a4': 0, 'a6': 0, 'a8': 0}
{'a7': 8, 'a1': 0, 'a2': 0, 'a3': 0, 'a4': 0, 'a5': 0, 'a6': 0, 'a8': 0, 'a9': 0, 'a10': 0}
```
Screenshot is attached for the UI result.
It gives security vulnerability values for the portfolio, but those don’t match the SonarQube UI. This is a blocker for us.