How to authenticate and export vulnerability information

Hi. How can I write Python code to authenticate to Sonar with a token and then get vulnerability information from the API /api/projects/export_findings?

Hi @val_sparus and welcome to the community :wave:

You can use HTTP basic authentication in order to authenticate against the SonarQube web API. The requests module is a good starter for interacting with the API if you are using Python.

Regarding your second question, you will get a list of ALL findings on your project. If you are only interested in security related findings, you can look for "type":"SECURITY_HOTSPOT" in the JSON response object.

Hope that helps.

1 Like

Thank you <3

I have successfully authenticated but cannot use the API:


Does the API still exist? I am using Sonar 9.2.

Yes, this API exists in 9.2. You can view the embedded documentation if you browse to your SonarQube URL and append /web_api/.
What is the response you get?

You mean it has the form:

No. The API endpoint documentation is available under http://localhost:9000/web_api/ , but the API endpoint itself is http://localhost:9000/api/projects/export_findings.

Also please note that this API endpoint is only available in the enterprise or datacenter edition as stated in SONAR-15334.

A simple Python script could look something like this:


import json

import requests


def main():
    # You can use the username/password of an existing user or an API token.
    # A token goes in the username field with an empty password.
    username = "YOUR_API_TOKEN"
    password = ""
    sonarqube_base_url = "http://localhost:9000"
    api_route = "/api/projects/export_findings"
    project_key = "test"

    url = sonarqube_base_url + api_route

    # Pass the project key via params so it is URL-encoded.
    r = requests.get(url, params={"project": project_key}, auth=(username, password))

    if r.status_code == 200:
        print(json.dumps(r.json(), indent=4, sort_keys=True))
    else:
        # Show why the call failed instead of exiting silently.
        print(r.status_code, r.text)


if __name__ == '__main__':
    main()

1 Like

Thank you so much, this is exactly what I needed <3
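Added example, not part of the original thread and not SonarSource code: it shows what the token-as-username Basic authentication from the answer puts on the wire, and filters a response down to security findings as suggested earlier in the thread. The `export_findings` top-level key, the inclusion of the `VULNERABILITY` type, the helper names and the sample payload are assumptions made for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

# The thread names SECURITY_HOTSPOT; including VULNERABILITY is an assumption.
SECURITY_TYPES = {"SECURITY_HOTSPOT", "VULNERABILITY"}


def build_export_request(base_url, project_key, token):
    """Build (without sending) the GET request for export_findings.

    The token goes in the Basic-auth username slot with an empty password,
    so the header value is base64("<token>:").
    """
    query = urllib.parse.urlencode({"project": project_key})
    url = f"{base_url.rstrip('/')}/api/projects/export_findings?{query}"
    credentials = base64.b64encode(f"{token}:".encode()).decode()
    return urllib.request.Request(url, headers={"Authorization": f"Basic {credentials}"})


def security_findings(payload, types=SECURITY_TYPES):
    """Return only the findings whose "type" is security-related."""
    findings = payload.get("export_findings", [])  # assumed top-level key
    return [f for f in findings if f.get("type") in types]


# Constructed sample response, not real SonarQube output.
SAMPLE = json.loads("""
{"export_findings": [
  {"key": "a1", "type": "CODE_SMELL", "path": "src/app.py", "message": "Unused variable"},
  {"key": "b2", "type": "SECURITY_HOTSPOT", "path": "src/db.py", "message": "Review this SQL query"},
  {"key": "c3", "type": "VULNERABILITY", "path": "src/tls.py", "message": "Enable certificate validation"}
]}
""")

if __name__ == "__main__":
    req = build_export_request("http://localhost:9000", "my project", "YOUR_API_TOKEN")
    print(req.full_url)
    print(req.get_header("Authorization"))
    for finding in security_findings(SAMPLE):
        print(finding["type"], finding["path"], finding["message"])
```

Basic authentication only encodes the token, it does not encrypt it, so use an https:// base URL for any server that is not on localhost.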