How to download report of Sonar issues after each SonarQube build of a project

Sonar Qube version: SonarQube Community Edition Version 7.9.3
Trying to download and email report of issues in a project after every sonar qube run which has details on the recent issues introduced (or) a report of count of issues in all the files of a sonar project.
From articles in internet, it is suggested to extract data from sonar qube WebAPI is the only solution. Please suggest if there is any other way around

Hello @Nirmala and welcome to the community :wave:

We have released a new LTS version (8.9.1) a few weeks ago. you should think about an update :wink:

The internet is more or less correct here. You can use the web API to extract the information you need with the community edition. if you are looking for a more user friendly feature you might be interested in Portfolios which are available in the Enterprise Edition of Sonarqube.
With these you have the possibility to download a pdf report of a portfolio on demand and subscribe to a weekly report mail to track changes in your portfolios

hope that helps :slight_smile:

I think a lot of people are experiencing something similar, to be honest.

@Tobias_Trabelsi, am I right in assuming that pdf reports are more of an aggregated view or history of the multiple projects in a portfolio over a certain period of time and not necessarily a pdf report of issues per build?

Also, is there any documentation on how to extract data from the SonarQube webAPI after every build? In my case, I’m keen to get data on issues.
I’m just moving to Enterprise Version 8.9 and I would be particularly interested in this.

Hi @teehammed01 ,

yes this is a good interpretation. you can always request a trial licence and check it out for yourself but as you are moving to EE anyway you will see it soon enough i guess :slight_smile:

i guess not to the extend you would like. in general everything you see in the web ui can also be accomplished via our API and we document this api. you can get to this documentation if you click on the questionmark in the top right of your sonarqube ui and after that on Web API.

to search for specific issues you might be interested in the api call api/issues/search where you can also specify a time frame where you want to search in.

Thanks for the response

Now i am trying to access Sonar web API with groovy script execution from jenkins to create a HTML for the newly introduced issues and mail them.

But getting error as Server responded with status 401 for url :
/api/issues/search?componentKeys= while accessing sonarqube web API from jenkins.

Please clarify if it is required for disable authorised access to sonarqube - to access Sonar API from any script template.

It is not needed to disable authorized access to sonarqube in order to program against the web API, but you need to authenticate your request. as described here you can use basic auth for that either with a personal access token that is generated from the UI or via a classic username and password combination

If it helps, this is how I’ve been able to implement something similar.

In my Jenkinsfile, I have an environment block as such

environment {
	apiToken = credentials('sonarToken')
	sonar_Url = "http://foo:9000"

And then a little shell curl command to extract the report and spit it out into a file.

curl -s -u $apiToken: "${sonar_Url}/api/measures/component_tree?ps=100&s=qualifier,name&component=${Sonar_Project}&metricKeys=ncloc,bugs,vulnerabilities,code_smells,security_hotspots,coverage,duplicated_lines_density&strategy=children" | python3 -m json.tool > codeReport.txt

You can use your browser’s developer tools to explore what calls are being made as the page gets rendered and then take it from there.

thanks . That helped