Exporting Vulnerability/hotspot report as CSV to be used with Excel for cybersecurity reporting

I am a cybersecurity engineer. My static scanning tool of choice used to be Fortify, but my company moved to SonarQube, which broke some of my processes. I’m trying to get the cybersecurity reporting back on track.

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Enterprise V9.6
  • what are you trying to achieve
    Export vulnerability and security hotspot reports in a format that can be imported into Excel. I need a report that lists the cybersecurity-related vulnerability impact (HIGH, MEDIUM, and LOW). The vulnerability impact can be seen via the site within the vulnerability and security hotspot areas, but the impact doesn’t come through on the PDF report, and the PDF report doesn’t export into Excel in any usable way, at least for my needs…
  • what have you tried so far to achieve this
    /api/security_hotspots/search?pageSize=500&componentKeys=projectkey&branch=project&ps=500&type=SECURITY_HOTSPOT%E2%80%9D

Hey there.

Considering api/security_hotspots doesn’t exist – I’m not surprised it hasn’t worked 🥲

Since you’re using Enterprise Edition, I think that GET api/projects/export_findings is a good candidate for you – check the Web API documentation linked in the footer of your instance.

But api/hotspots does.

I’ll try your suggestions. Thanks

I’m a Cybersecurity Engineer; I need to format the data so it is useful for vulnerability management and DoD reporting requirements. I’m not going to ask to purchase a 3rd party tool, so our enterprise SMEs are stuck with the issue. I have to say Fortify and Coverity are a lot more user-friendly.

I’m going to assume the method you suggested is the most simple, and there’s not an easier way?

Using Web APIs? Yes.
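
For the Excel side of the question, the following is an added example, not code from this thread or from SonarQube: it merges paged hotspot-search JSON into one CSV sorted HIGH, MEDIUM, LOW and neutralises cells that Excel would evaluate as formulas. The response field names (`hotspots`, `vulnerabilityProbability`, `securityCategory` and so on) are assumptions to check against the Web API documentation of your instance, and the sample records are constructed.

```python
import csv
import io

# Constructed sample: two pages shaped like a paged hotspot search response.
# Field names are assumptions; confirm them in your instance's Web API docs.
SAMPLE_PAGES = [
    {"paging": {"pageIndex": 1, "pageSize": 2, "total": 3},
     "hotspots": [
         {"key": "AX-1", "component": "projectkey:src/Login.java", "line": 42,
          "securityCategory": "auth", "vulnerabilityProbability": "MEDIUM",
          "status": "TO_REVIEW", "message": "Make sure this is safe."},
         {"key": "AX-2", "component": "projectkey:src/Db.java", "line": 7,
          "securityCategory": "sql-injection", "vulnerabilityProbability": "HIGH",
          "status": "TO_REVIEW", "message": "=SUM(A1:A2) looks like a formula"},
     ]},
    {"paging": {"pageIndex": 2, "pageSize": 2, "total": 3},
     "hotspots": [
         {"key": "AX-3", "component": "projectkey:src/Util.java",
          "securityCategory": "weak-cryptography", "vulnerabilityProbability": "LOW",
          "status": "REVIEWED", "message": "Use a stronger hash."},
     ]},
]

COLUMNS = ["vulnerabilityProbability", "securityCategory", "status",
           "component", "line", "message", "key"]
RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

def excel_safe(value):
    """Prefix cells Excel would treat as a formula (CSV injection guard)."""
    text = "" if value is None else str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@", "\t", "\r") else text

def hotspots_to_csv(pages):
    """Merge paged responses into one CSV string, highest probability first."""
    rows = [h for page in pages for h in page.get("hotspots", [])]
    rows.sort(key=lambda h: RANK.get(h.get("vulnerabilityProbability"), len(RANK)))
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(COLUMNS)
    for h in rows:
        writer.writerow([excel_safe(h.get(col)) for col in COLUMNS])
    return out.getvalue()

if __name__ == "__main__":
    print(hotspots_to_csv(SAMPLE_PAGES))
```

Finding messages can echo text from scanned source, which is why the formula guard is applied to every cell before the file is opened in Excel.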