Hi. How can I write Python code to authenticate to Sonar with a token and then get vulnerability information from the API /api/projects/export_findings?
Hi @val_sparus and welcome to the community
You can use HTTP basic authentication in order to authenticate against the SonarQube web API. The requests module is a good starter for interacting with the API if you are using Python.
Regarding your second question, you will get a list of ALL findings on your project. If you are only interested in security-related findings, you can look for "type":"SECURITY_HOTSPOT" in the JSON response object.
hope that helps
thank you <3
I have successfully authenticated but cannot use the API /api/projects/export_findings.
Does the API still exist? I am using Sonar 9.2.
Yes, this API exists in 9.2. You can view the embedded documentation if you browse to your SonarQube URL and append /web_api/.
What is the response you get?
You mean it has the form http://localhost:9000//web_api/project/export_findings ???
No. The API endpoint documentation is available under http://localhost:9000/web_api/, but the API endpoint itself is http://localhost:9000/api/projects/export_findings.
Also, please note that this API endpoint is only available in the Enterprise or Data Center Edition, as stated in SONAR-15334.
A simple Python script could look something like this:
#!/usr/bin/python3
import requests
import json

def main():
    # you can use username/password of an existing user or an API token
    # (a token is passed in the username slot with an empty password)
    username = "YOUR_API_TOKEN"
    password = ""
    sonarqube_base_url = "http://localhost:9000"
    api_route = "/api/projects/export_findings"
    project_key = "test"
    url = sonarqube_base_url + api_route
    # let requests URL-encode the query parameter instead of concatenating it;
    # the timeout stops the script from hanging forever on an unreachable server
    r = requests.get(url, params={"project": project_key},
                     auth=(username, password), timeout=30)
    if r.status_code == 200:
        print(json.dumps(r.json(), indent=4, sort_keys=True))
    else:
        # make a 401 (bad credentials), 403 (missing permission) or 404 visible
        print(f"request failed: HTTP {r.status_code}: {r.text}")

if __name__ == '__main__':
    main()
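The following is an added example and not code from the thread or from SonarSource. It covers the two points made above: how the token actually ends up on the wire when you authenticate with HTTP basic auth (the earlier reply), and how to pick the security-related entries out of the exported findings (the script above). It uses only the Python standard library so it runs offline; the requests call auth=(token, "") from the script produces exactly the same Authorization header. The token is read from an environment variable rather than hard-coded. The response shape ({"export_findings": [...]} with a "type" field per entry) and the sample findings are constructed assumptions for the demonstration, not a captured server response.

```python
#!/usr/bin/python3
"""Added example (not from the original thread): build the SonarQube request
without hard-coding the token, and filter the exported findings by type."""
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

API_ROUTE = "/api/projects/export_findings"

# SonarQube issue types that are security-relevant. The reply above mentions
# SECURITY_HOTSPOT; VULNERABILITY is the type used for confirmed vulnerabilities.
SECURITY_TYPES = frozenset({"VULNERABILITY", "SECURITY_HOTSPOT"})


def basic_auth_header(token: str) -> str:
    """Return the Authorization header value for a SonarQube token.

    The token goes in the username slot with an empty password, which is what
    requests does for auth=(token, ""). Basic auth is only base64, not
    encryption, so the base URL should be https:// outside of a local test.
    """
    raw = f"{token}:".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_request(base_url: str, project_key: str, token: str) -> urllib.request.Request:
    """Build the GET request for export_findings with a URL-encoded project key."""
    # urlencode escapes ':' and spaces in project keys; string concatenation would not.
    query = urllib.parse.urlencode({"project": project_key})
    url = base_url.rstrip("/") + API_ROUTE + "?" + query
    return urllib.request.Request(url, headers={"Authorization": basic_auth_header(token)})


def security_findings(payload, types=SECURITY_TYPES):
    """Keep only findings whose "type" is security-related.

    Assumed response shape: {"export_findings": [{"key": ..., "type": ..., ...}]}.
    A bare list is accepted too, in case the payload was already unwrapped.
    """
    findings = payload if isinstance(payload, list) else payload.get("export_findings", [])
    return [f for f in findings if f.get("type") in types]


def fetch_findings(base_url: str, project_key: str, token: str, timeout: int = 30):
    """Perform the request. urlopen raises HTTPError on 401/403/404, so a bad
    token, a missing permission or an absent endpoint does not pass silently."""
    req = build_request(base_url, project_key, token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample payload in the assumed shape (not real SonarQube output).
SAMPLE_PAYLOAD = {
    "export_findings": [
        {"key": "AX1", "type": "BUG", "severity": "MAJOR", "message": "NPE"},
        {"key": "AX2", "type": "VULNERABILITY", "severity": "CRITICAL",
         "message": "SQL query built from user input"},
        {"key": "AX3", "type": "SECURITY_HOTSPOT", "severity": "MEDIUM",
         "message": "Make sure this hash is not used for passwords"},
        {"key": "AX4", "type": "CODE_SMELL", "severity": "MINOR", "message": "Unused import"},
    ]
}


def main():
    token = os.environ.get("SONAR_TOKEN")
    if not token:
        sys.exit("set SONAR_TOKEN to a SonarQube user token (assumed variable name)")
    base_url = os.environ.get("SONAR_URL", "http://localhost:9000")
    project_key = os.environ.get("SONAR_PROJECT", "test")
    payload = fetch_findings(base_url, project_key, token)
    print(json.dumps(security_findings(payload), indent=4, sort_keys=True))


if __name__ == "__main__":
    main()
```

Running it offline against SAMPLE_PAYLOAD, security_findings returns the VULNERABILITY and SECURITY_HOTSPOT entries only; the header built by basic_auth_header can be compared with what `requests` sends by inspecting a prepared request. Environment variable names are assumptions for this example.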
Thank you so much, this is exactly what I needed <3