(Enterprise 10.4) Sonarqube OWASP top 10 shows different values in API response compared to UI

Must-share information (formatted with Markdown):

API: https://sonarqubeurl.abc/api/issues/search?componentKeys=Com_Discovery_Abc&facets=owaspTop10-2021&owaspTop10-2021=a1,a2,a3,a4,a5,a6,a7,a8,a9,a10

Result output:
{‘a7’: 14, ‘a3’: 4, ‘a9’: 4, ‘a1’: 0, ‘a2’: 0, ‘a4’: 0, ‘a5’: 0, ‘a6’: 0, ‘a8’: 0, ‘a10’: 0}
{‘a3’: 1, ‘a1’: 0, ‘a2’: 0, ‘a4’: 0, ‘a5’: 0, ‘a6’: 0, ‘a7’: 0, ‘a8’: 0, ‘a9’: 0, ‘a10’: 0}
{‘a9’: 42, ‘a8’: 39, ‘a7’: 34, ‘a3’: 13, ‘a2’: 7, ‘a1’: 2, ‘a5’: 1, ‘a4’: 0, ‘a6’: 0, ‘a10’: 0}
{‘a3’: 14, ‘a9’: 14, ‘a7’: 3, ‘a1’: 0, ‘a2’: 0, ‘a4’: 0, ‘a5’: 0, ‘a6’: 0, ‘a8’: 0, ‘a10’: 0}
{‘a3’: 7, ‘a9’: 7, ‘a5’: 6, ‘a2’: 2, ‘a7’: 2, ‘a10’: 1, ‘a1’: 0, ‘a4’: 0, ‘a6’: 0, ‘a8’: 0}
{‘a7’: 8, ‘a1’: 0, ‘a2’: 0, ‘a3’: 0, ‘a4’: 0, ‘a5’: 0, ‘a6’: 0, ‘a8’: 0, ‘a9’: 0, ‘a10’: 0}

Screenshot is attached for the UI result.

It gives security vulnerabilities values on portfolio but those don’t match with sonarqube UI. This is a blocker for us.


The best way to master the API is to perform the desired action via the UI and eavesdrop to see which calls the UI made to accomplish the action.

In your case, it looks like you’re comparing the results of a call that’s generally used on the Issues page with the results of a Security Report. So I started on the Issues page to see the version of the query that the UI uses:


There’s a lot more in my URL than in yours, so I started whittling it down, argument by argument, to see what made the difference. I never did get down to an array of arrays, like you show in your “Result output”. It was only every one set of owaspTop10-2021 values, and always in alpha-numerical order.

But I did find a key difference. You see, my API call results always matched what shows up in the security report until I removed this argument:


Then the numbers jumped because they suddenly included all the False Positive and Won’t Fix issues.

That’s probably what’s going on for you, as well.


You may also find this guide helpful.