Get Rule key of security hotspot through the API

I am using the SonarCloud API and I want to find, for each vulnerability and security hotspot of a project, the CWE(s) (if any) related to the rule. I saw that the CWE(s) are not included in the vulnerability and hotspot info provided through the ‘api/issues/search’ and ‘api/hotspots/search’ endpoints, so for vulnerabilities I get the rule key provided and make a second request to ‘api/rules/show’. However, for security hotspots the rule key is not provided through the ‘api/hotspots/search’ endpoint. Any way I can get that information?

Hey there.

You can use the (internal) Web API GET api/hotspots/show and provide the key of the security hotspot (from GET api/hotspots/search) to find the rule ID of a hotspot.
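The three-step lookup discussed above (hotspot search, hotspot detail, rule detail), as an added example that is not part of the original thread or SonarSource's own code. The query parameter names (`projectKey`, `p`, `ps`, `hotspot`, `key`, `organization`), the response fields (`hotspots`, `paging.total`, `rule.key`, `securityStandards` with `cwe:` prefixed entries) and Bearer-token authentication are assumptions to check against your instance's Web API documentation; `api/hotspots/show` is an internal endpoint and may change without notice.

```python
import json
import os
import urllib.parse
import urllib.request

BASE = "https://sonarcloud.io/"


def http_fetch(path, params):
    """GET a Web API path and decode the JSON body.
    Assumption: token in the SONAR_TOKEN env var, sent as a Bearer header."""
    url = BASE + path + "?" + urllib.parse.urlencode(params)
    headers = {"Authorization": "Bearer " + os.environ["SONAR_TOKEN"]}
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def hotspot_cwes(project_key, organization, fetch=http_fetch, page_size=100):
    """Return {hotspot key: (rule key, [CWE ids])} for every hotspot in a project."""
    rule_cwes = {}  # cache: many hotspots share a rule, so fetch each rule once
    result = {}
    page = 1
    while True:
        data = fetch("api/hotspots/search",
                     {"projectKey": project_key, "p": page, "ps": page_size})
        for hotspot in data.get("hotspots", []):
            # The search response carries no rule key; the detail view does.
            detail = fetch("api/hotspots/show", {"hotspot": hotspot["key"]})
            rule_key = detail["rule"]["key"]
            if rule_key not in rule_cwes:
                rule = fetch("api/rules/show",
                             {"key": rule_key, "organization": organization})["rule"]
                # Assumed format: entries such as "cwe:89" or "owaspTop10:a1".
                rule_cwes[rule_key] = [
                    "CWE-" + s.split(":", 1)[1]
                    for s in rule.get("securityStandards", [])
                    if s.startswith("cwe:")
                ]
            result[hotspot["key"]] = (rule_key, rule_cwes[rule_key])
        # Stop once the pages requested so far cover the reported total.
        if page * page_size >= data.get("paging", {}).get("total", 0):
            break
        page += 1
    return result
```

Call `hotspot_cwes("<project key>", "<organization key>")` with `SONAR_TOKEN` set; a rule with no CWE mapping yields an empty list rather than an error.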

Thank you for the prompt response. Follow-up question: can I get an ‘effort’ value for security hotspots like the one in vulnerabilities? It doesn’t seem to exist in the ‘api/hotspots’ documentation’s sample replies.

This concept doesn’t exist for security hotspots, as it’s hard to quantify “estimated time to review”.
