Hello everyone,
I’m using SonarQube v.7.9.1 and I wanted to ask how I can get all issues for a specific project with the SonarQube web API.
I’ve tried with a GET request at the address https://my-sonarqube-server/api/issues/search and it seems to work, but I get a (partial?) list of different projects.
I tried specifying the parameter componentKeys as my project ID and it seems to work. My only doubt is if the list of issues is complete or not. Is there a limit?
Hello @Just_some_guy,
The list is limited to 10M as it is a limitation from the Elastic Search stack we use.
You can use the createdAfter and createdBefore parameters to extract the complete list in several calls.
Alex.
I am able to use the API to pull issues, by project, to build my own reports, but I have not found a reasonable way to get over the per-project cap of 500 issues. I suppose I could try to determine total number of issues per project and use p=1,2,3, etc? If I do not specify ps param, it defaults to 100. I am capped at 500, which a couple of my projects exceed. This seems super clunky. Thoughts/advice?
You didn’t reveal your SonarQube version.
SonarQube 9.1 comes with a new api/projects/export_findings endpoint that allows fetching all issues and hotspots for a given project and a given branch, see https://jira.sonarsource.com/browse/SONAR-15334
Otherwise, with older versions, you may use something like this:
get the total number of issues via api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=1
and then use total = (issues.total.toFloat()/100).round() in a loop
Suppose we have fewer than 100 issues, or, for example, 120 issues: we are going to miss issues, which is a problem. We need to make sure that all issues are returned with the above logic.
I am using SonarQube version 9.2.3 Community Edition. Currently it is pulling only 100 issues by default. I have 2000 issues in the project and all of them need to be pulled. I tried your method and it rounds off to 0 (when there are 14 issues) and to 1 (when there are 120 issues), and as a result issues are lost.
Somehow I missed that the new api/projects/export_findings endpoint was only implemented for SonarQube Enterprise.
When using SonarQube Community you have to use api/issues/search instead.
You’re right about the rounding problem, my proposal was only briefly outlined without a test.
At a second glance I would use something like that, a small example in Groovy
Suppose there are 720 issues: it is rounded to 14. All the issues are returned in the first 8 iterations (ps default value 100), the next 6 iterations are wasted, and if there are thousands of issues there will be more unnecessary iterations.
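The paging discussed in this thread, as an added example that is not part of any original post (Python rather than the Groovy mentioned above): ceiling division with ps=500 returns 14, 120 or 720 issues in full without wasted calls, and the token is read from the environment instead of a command line. The names `fetch_all_issues`, `page_count`, `fake_server` and the `result_cap` default are assumptions of this example; set `result_cap` to the search limit your server enforces.

```python
import base64, json, math, os, urllib.parse, urllib.request

MAX_PS = 500  # largest page size api/issues/search accepts

def http_fetch(params):
    """GET api/issues/search. The token comes from the environment, not from
    argv or an interpolated command string, so it stays out of process lists."""
    base = os.environ["SONAR_HOST_URL"].rstrip("/")
    auth = base64.b64encode((os.environ["SONAR_TOKEN"] + ":").encode()).decode()
    url = base + "/api/issues/search?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + auth})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def page_count(total, ps=MAX_PS):
    """Ceiling division, so a partial last page is never dropped."""
    return math.ceil(total / ps)

def fetch_all_issues(project_key, fetch=http_fetch, result_cap=10_000, **filters):
    """Return every issue of one project, keyed by issue key to drop duplicates.
    result_cap is an assumed value for the server-side search limit."""
    params = dict(filters, componentKeys=project_key, ps=MAX_PS, p=1)
    first = fetch(params)
    total = first.get("paging", first)["total"]
    if total > result_cap:
        raise RuntimeError(f"{total} issues exceed the search limit; "
                           "split the query with createdAfter/createdBefore")
    issues = {i["key"]: i for i in first["issues"]}
    for p in range(2, page_count(total) + 1):
        page = fetch(dict(params, p=p))["issues"]
        if not page:  # issues closed while paging: stop instead of looping on
            break
        issues.update((i["key"], i) for i in page)
    return list(issues.values())

def fake_server(n):
    """Constructed stand-in for the server: n issues, records each request."""
    data, calls = [{"key": f"ISSUE-{i}"} for i in range(n)], []
    def fetch(params):
        calls.append(dict(params))
        start = (params["p"] - 1) * params["ps"]
        return {"total": n, "issues": data[start:start + params["ps"]]}
    return fetch, calls

if __name__ == "__main__":
    fetch, calls = fake_server(1201)
    print(len(fetch_all_issues("services", fetch=fetch)), "issues in", len(calls), "calls")
```

Passing `fetch=http_fetch` (the default) runs the same loop against a real server once `SONAR_HOST_URL` and `SONAR_TOKEN` are exported.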
sonar-tools is not working with SonarQube 9.7. It is stuck at the stage below; I gave an admin token during this run. Is the 9.7 community edition officially released?
pip install sonar-tools
Collecting sonar-tools
Downloading sonar_tools-2.4.1-py3-none-any.whl (184 kB)
Collecting datetime
Downloading DateTime-4.7-py2.py3-none-any.whl (52 kB)
Collecting argparse
Downloading argparse-1.4.0-py2.py3-none-any.whl (23 kB)
Collecting pytz
Downloading pytz-2022.5-py2.py3-none-any.whl (500 kB)
Collecting python-dateutil
Downloading python_dateutil-2.8.2-py2.py3-none-any.whl (247 kB)
Collecting jprops
Downloading jprops-2.0.2-py2.py3-none-any.whl (9.1 kB)
Collecting requests
Downloading requests-2.27.1-py2.py3-none-any.whl (63 kB)
Collecting zope.interface
Downloading zope.interface-5.5.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (253 kB)
Collecting six>=1.5
Downloading six-1.16.0-py2.py3-none-any.whl (11 kB)
Collecting charset-normalizer~=2.0.0
Downloading charset_normalizer-2.0.12-py3-none-any.whl (39 kB)
Collecting certifi>=2017.4.17
Downloading certifi-2022.9.24-py3-none-any.whl (161 kB)
Collecting urllib3<1.27,>=1.21.1
Downloading urllib3-1.26.12-py2.py3-none-any.whl (140 kB)
Collecting idna<4,>=2.5
Downloading idna-3.4-py3-none-any.whl (61 kB)
Requirement already satisfied: setuptools in /usr/local/lib/python3.6/site-packages (from zope.interface->datetime->sonar-tools) (57.5.0)
Installing collected packages: zope.interface, urllib3, six, pytz, idna, charset-normalizer, certifi, requests, python-dateutil, jprops, datetime, argparse, sonar-tools
Successfully installed argparse-1.4.0 certifi-2022.9.24 charset-normalizer-2.0.12 datetime-4.7 idna-3.4 jprops-2.0.2 python-dateutil-2.8.2 pytz-2022.5 requests-2.27.1 six-1.16.0 sonar-tools-2.4.1 urllib3-1.26.12 zope.interface-5.5.0
WARNING: Running pip as the ‘root’ user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: 12. Virtual Environments and Packages — Python 3.11.0 documentation
WARNING: You are using pip version 21.2.4; however, version 21.3.1 is available.
You should consider upgrading via the ‘/usr/local/bin/python -m pip install --upgrade pip’ command.
[Pipeline] sh
Warning: A secret was passed to “sh” using Groovy String interpolation, which is insecure.
Affected argument(s) used the following variable(s): [TOKEN]
See https://jenkins.io/redirect/groovy-string-interpolation for details.
export SONAR_HOST_URL=https://<>>.biz
export SONAR_TOKEN=****
sonar-findings-export -t **** -k services --format json
2022-10-27 13:49:44,814 | sonar-tools | INFO | MainThread | Set debug level to INFO
2022-10-27 13:49:44,814 | sonar-tools | INFO | MainThread | sonar-tools version 2.4.1
2022-10-27 13:49:44,815 | sonar-tools | INFO | MainThread | Listing projects
2022-10-27 13:49:45,008 | sonar-tools | INFO | MainThread | Exporting findings for 1 projects with params {‘url’: ‘https://<>>.biz’, ‘projectKeys’: ‘services’, ‘format’: ‘json’, ‘csvSeparator’: ‘,’, ‘threads’: 8, ‘useFindings’: False, ‘withURL’: False}
2022-10-27 13:49:45,008 | sonar-tools | INFO | MainThread | Dumping report to stdout
2022-10-27 13:49:45,008 | sonar-tools | INFO | findingSearch0 | Project ‘services’ issue search
2022-10-27 13:49:45,011 | sonar-tools | INFO | MainThread | Starting finding writer thread ‘findingWriter’