Getting vulnerabilities with relevant severities, statuses and names via API

Hello,

I would like to build some SonarQube dashboards on Elasticsearch by using the SonarQube API’s. Unfortunately, I could not get all data I need via APIs.

I can get the number of vulnerabilities (on metric level) with

https://MY_HOST/api/measures/component?component=my_project&metricKeys=KEY

However, this API does not provide information about the vulnerabilities’ severity (minor, major , etc.), statuses (open, resolved, closed, etc.) and vulnerability name.

In order to get this information, I tried https://MY_HOST/api/issues/search?types=VULNERABILITY&facets=types,severities&component?component=mirai?resolved=false,no

However, it does not still give the vulnerability type based on relevant severity, statuses or name.

Do you have any suggestions on how to proceed if there isn’t an API that provides that data?

Could you please help me on that?

Thank you in advance,
Gamze

Hey there.

While there’s no specific metric for “Blocker Code Smells”, you can use GET api/issues/search to filter for the issues and add facets=severities to get a breakdown by severity.

For example, at the bottom of this API call:

https://localhost:9000/api/issues/search?componentKeys=org.sonarsource.iac%3Aiac&types=types&facets=severities

  "facets":[
      {
         "property":"severities",
         "values":[
            {
               "val":"MINOR",
               "count":47
            },
            {
               "val":"MAJOR",
               "count":16
            },
            {
               "val":"CRITICAL",
               "count":5
            },
            {
               "val":"INFO",
               "count":1
            },
            {
               "val":"BLOCKER",
               "count":0
            }
         ]
      }
   ]
}

Hi Colin,
Thank you so much for your quick response. I will try what you advice.

Thank you!
Gamze