Hello everyone,
I’m using SonarQube v.7.9.1 and I wanted to ask how can I get all issues for a specific project with SonarQube web API.
I’ve tried with a GET request at the address https://my-sonarqube-server/api/issues/search and it seems to work, but I get a (partial?) list of different projects.
How can I filter by project name?
Thank you so much.
I tried specifying the parameter componentKeys as my project ID and it seems to work. My only doubt is if the list of issues is complete or not. Is there a limit?
Thanks again.
Hello @Just_some_guy,
The list is limited to 10M as it is a limitation form the Elastic Search stack we use.
You can use the createdAfter and createdBefore parameter to extract the complete list in several calls.
Alex.
Thank you very much for the info and for the tip Alexandre! Cheers!
I am able to use the API to pull issues, by project, to build my own reports, but I have not found a reasonable way to get over the per-project cap of 500 issues. I suppose I could try to determine total number of issues per project and use p=1,2,3, etc? If I do not specify ps param, it defaults to 100. I am capped at 500, which a couple of my projects exceed. This seems super clunky. Thoughts/advice?
Welcome 
you didn’t reveal your Sonarqube version.
Sonarqube 9.1 comes with a new api/projects/export_findings endpoint that allows to fetch all issues and hotspots for a given project and a given branch, see
https://jira.sonarsource.com/browse/SONAR-15334
Otherwise with older versions you may use something like that
get total issues via
api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=1
and then use total = (issues.total.toFloat()/100).round() in a loop
counter = 1
while(counter <= total)
{
api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=100&p=$counter
counter++
}
Gilbert
Hi Gilbert,
Suppose if we have less than 100 issues and also if we have ex 120 issues we gonna miss out the issues. which is an issue. we need to make sure that all issues are returned with the above logic.
Thanks,
Prasad.
Hi,
which Sonarqube version do you use ?
If < Sonarqube 9.1 did you try with the proposal for older versions ?
Gilbert
I am using sonarqube version 9.2.3 community edition. Currently it is pulling only 100 issues by default. I have 2000 issues in the project and all needs to be pulled. I tried your method and it is rounding off to 0 (when 14 issues ) and to 1 (when 120 issues) and as resulting losing issues.
Hi Gilbert,
I am using community edition 9.2.3 version to retrieve. In this version is there any new way to get all the list of issues?
Thanks,
Prasad.
Hi Prasad,
somehow i missed that the new api/projects/export_findings endpoint was only implemented
for Sonarqube Enterprise.
When using Sonarqube Community you have to use api/issues/search instead.
You’re right about the rounding problem, my proposal was only briefly outlined without test.
At a second glance i would use something like that, a small example in Groovy
import groovy.json.*
def sqRest(url,method) {
jsonSlurper = new JsonSlurper()
raw ='yoursonartoken:'
bauth = 'Basic ' + raw.bytes.encodeBase64().toString()
conn = url.toURL().openConnection()
conn.setRequestMethod(method)
conn.setRequestProperty("Authorization", bauth)
httpstatus = conn.responseCode
// println "sqRest ResponseCode = $httpstatus"
if(method == 'GET') {
object = jsonSlurper.parseText(conn.content.text)
}
}
issues = sqRest('https://yoursonarhost/api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=1', 'GET')
println 'Total issues => ' + issues.total
if(issues.total > 100) {
total = issues.total.toFloat()/50.round()
counter = 1
while(counter < total + 1) {
response = sqRest("https://yoursonarhost/api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=$counter", 'GET')
println response.issues
println response.issues.key.join(',')
println response.issues.rule.join(',')
counter++
}
}
else {
response = sqRest('https://yoursonarhost/api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=100', 'GET')
println response.issues
println response.issues.key.join(',')
println response.issues.rule.join(',')
}
Alternatively if you use Python you should have a look into sonar-tools · PyPI
by Olivier Korach which has also sonar-findings-export feature.
Gilbert
Hi Gilbert,
Thanks for your reply. In the If loop you are intended to say p=counter instead of ps=counter in the below URL: Correct if I am wrong.
response = sqRest(“https://yoursonarhost/api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=$counter”, ‘GET’)
Suppose if there are 720 issues, it is rounded to 14, In the first 8 (ps default value 100) iterations only all the issues are returned and next 6 iterations are wasted and if there are thousands of issues there will be more unnecessary iterations.
sonar-tools is very helpful tool. Thank you.
Hi Gilbert,
sonar-tools is not working with SonarQube 9.7. it is stuck at the below stage, I gave admin token during this run. 9.7 community edition officially released?
Unfortunately, I haven’t had time to get serious about Python, so I haven’t used
sonar-tools yet and therefore can’t be of help.
You may contact Olivier Korach via the project page
or via PM here in the forum !?
Hi Gilbert,
How to contact him ? Could you tell me where can I post so that he can see my posts
Thanks,
Prasad.