Get list of all issues for a specific project

Hello everyone,
I’m using SonarQube v.7.9.1 and I wanted to ask how can I get all issues for a specific project with SonarQube web API.

I’ve tried with a GET request at the address https://my-sonarqube-server/api/issues/search and it seems to work, but I get a (partial?) list of different projects.

How can I filter by project name?

Thank you so much.

I tried specifying the parameter componentKeys as my project ID and it seems to work. My only doubt is if the list of issues is complete or not. Is there a limit?

Thanks again.

Hello @Just_some_guy,
The list is limited to 10M as it is a limitation form the Elastic Search stack we use.
You can use the createdAfter and createdBefore parameter to extract the complete list in several calls.
Alex.

1 Like

Thank you very much for the info and for the tip Alexandre! Cheers!

I am able to use the API to pull issues, by project, to build my own reports, but I have not found a reasonable way to get over the per-project cap of 500 issues. I suppose I could try to determine total number of issues per project and use p=1,2,3, etc? If I do not specify ps param, it defaults to 100. I am capped at 500, which a couple of my projects exceed. This seems super clunky. Thoughts/advice?

Welcome :slight_smile:

you didn’t reveal your Sonarqube version.
Sonarqube 9.1 comes with a new api/projects/export_findings endpoint that allows to fetch all issues and hotspots for a given project and a given branch, see
https://jira.sonarsource.com/browse/SONAR-15334

Otherwise with older versions you may use something like that
get total issues via
api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=1

and then use total = (issues.total.toFloat()/100).round() in a loop

counter = 1
while(counter <= total)
{
api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=100&p=$counter
counter++
}

Gilbert

1 Like

Hi Gilbert,

Suppose if we have less than 100 issues and also if we have ex 120 issues we gonna miss out the issues. which is an issue. we need to make sure that all issues are returned with the above logic.

Thanks,
Prasad.

Hi,

which Sonarqube version do you use ?
If < Sonarqube 9.1 did you try with the proposal for older versions ?

Gilbert

I am using sonarqube version 9.2.3 community edition. Currently it is pulling only 100 issues by default. I have 2000 issues in the project and all needs to be pulled. I tried your method and it is rounding off to 0 (when 14 issues ) and to 1 (when 120 issues) and as resulting losing issues.

Hi Gilbert,

I am using community edition 9.2.3 version to retrieve. In this version is there any new way to get all the list of issues?

Thanks,
Prasad.

Hi Prasad,

somehow i missed that the new api/projects/export_findings endpoint was only implemented
for Sonarqube Enterprise.
When using Sonarqube Community you have to use api/issues/search instead.
You’re right about the rounding problem, my proposal was only briefly outlined without test.

At a second glance i would use something like that, a small example in Groovy

import groovy.json.*

def sqRest(url,method) {
  jsonSlurper = new JsonSlurper()
  raw ='yoursonartoken:'
  bauth = 'Basic ' + raw.bytes.encodeBase64().toString()
  conn = url.toURL().openConnection()
  conn.setRequestMethod(method)
  conn.setRequestProperty("Authorization", bauth)
  httpstatus = conn.responseCode
 // println "sqRest ResponseCode = $httpstatus"
  if(method == 'GET') {
    object = jsonSlurper.parseText(conn.content.text)
  }
}

issues = sqRest('https://yoursonarhost/api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=1', 'GET')
println 'Total issues => ' + issues.total

if(issues.total > 100) {
  total = issues.total.toFloat()/50.round()
  counter = 1
  while(counter < total + 1) {
    response = sqRest("https://yoursonarhost/api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=$counter", 'GET')
    println response.issues
    println response.issues.key.join(',')
    println response.issues.rule.join(',')
    counter++  
  }
}
else {
  response = sqRest('https://yoursonarhost/api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=100', 'GET')
  println response.issues
  println response.issues.key.join(',')
  println response.issues.rule.join(',')
}

Alternatively if you use Python you should have a look into sonar-tools · PyPI
by Olivier Korach which has also sonar-findings-export feature.

Gilbert

Hi Gilbert,

Thanks for your reply. In the If loop you are intended to say p=counter instead of ps=counter in the below URL: Correct if I am wrong.

response = sqRest(“https://yoursonarhost/api/issues/search?componentKeys=com.foo:bar&severities=CRITICAL&ps=$counter”, ‘GET’)

Suppose if there are 720 issues, it is rounded to 14, In the first 8 (ps default value 100) iterations only all the issues are returned and next 6 iterations are wasted and if there are thousands of issues there will be more unnecessary iterations.

sonar-tools is very helpful tool. Thank you.