Hi,
The best way to master the API is to perform the desired action via the UI and eavesdrop to see which calls the UI made to accomplish the action.
In your case, it looks like you’re comparing the results of a call that’s generally used on the Issues page with the results of a Security Report. So I started on the Issues page to see the version of the query that the UI uses:
https://next.sonarqube.com/sonarqube/api/issues/search?components=MASTER_PROJECT&s=FILE_LINE&issueStatuses=CONFIRMED%2COPEN&ps=1&facets=owaspTop10-2021&additionalFields=_all&timeZone=America%2FKentucky%2FMonticello
There’s a lot more in my URL than in yours, so I started whittling it down, argument by argument, to see what made the difference. I never did get down to an array of arrays, like you show in your “Result output”. It was only every one set of owaspTop10-2021 values, and always in alpha-numerical order.
But I did find a key difference. You see, my API call results always matched what shows up in the security report until I removed this argument:
&issueStatuses=CONFIRMED%2COPEN
Then the numbers jumped because they suddenly included all the False Positive and Won’t Fix issues.
That’s probably what’s going on for you, as well.
HTH,
Ann
You may also find this guide helpful.