Hi folks,
I am trying out Deeper SAST using SonarCloud. I forked and tried the “deeper-sast-demo” repository using GitHub Actions, and it worked. I have some sample Python files like sample1.py, sample2.py, etc., which I created to try out SAST. I have the Sonar CLI installed on my PC.
What I want is to scan these Python files either with the CLI or with Python code, and generate reports (for security) as JSON files.
I tried SonarQube Community Edition before and was able to generate reports for issues like “maintainability” using Python code like the example below:
import requests  # pip install requests

# Search all issues of the project; the token is passed as the username with an empty password
api_url = f'{sonar_url}/api/issues/search?componentKeys={project_key}'
response = requests.get(api_url, auth=(sonar_token, ''))
issues = response.json()
Thanks in advance.
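One way to turn the issues-search approach from the post into a security-only JSON report, as an added example that is not part of the original post or Sonar's own tooling: it pages through `/api/issues/search` restricted to type `VULNERABILITY` and through `/api/hotspots/search` (both exist in the SonarQube/SonarCloud Web API), and flattens the results. The `constructed_get` stand-in, its two sample pages, the project key `demo` and the rule key `python:S0000` are constructed placeholders so the script runs offline; pass real credentials and drop `get=constructed_get` to query SonarCloud.

```python
import json
import requests

def fetch_paged(get, base, endpoint, key, params, auth, page_size=500):
    """Follow the Web API's 'paging' envelope until all items are collected.
    SonarCloud caps a query at 10,000 results, so keep filters tight."""
    items, page = [], 1
    while True:
        r = get(f"{base}{endpoint}", params={**params, "ps": page_size, "p": page},
                auth=auth, timeout=30)
        r.raise_for_status()  # surfaces 401 (bad token) / 403 (no project access)
        data = r.json()
        items.extend(data[key])
        if page * data["paging"]["pageSize"] >= data["paging"]["total"]:
            return items
        page += 1

def security_report(base, project_key, token, get=requests.get):
    """Open vulnerabilities plus unreviewed hotspots, flattened for a JSON report."""
    auth = (token, "")  # the token is sent as the username, password empty
    vulns = fetch_paged(get, base, "/api/issues/search", "issues",
                        {"componentKeys": project_key, "types": "VULNERABILITY",
                         "resolved": "false"}, auth)
    spots = fetch_paged(get, base, "/api/hotspots/search", "hotspots",
                        {"projectKey": project_key, "status": "TO_REVIEW"}, auth)
    return {"project": project_key,
            "vulnerabilities": [{"rule": i["rule"], "severity": i["severity"], "file": i["component"],
                                 "line": i.get("line"), "message": i["message"]} for i in vulns],
            "hotspots": [{"rule": h["ruleKey"], "probability": h["vulnerabilityProbability"],
                          "file": h["component"], "line": h.get("line"), "message": h["message"]}
                         for h in spots]}

def constructed_get(url, params=None, auth=None, timeout=None):
    """Offline stand-in for requests.get; the pages below are constructed sample data."""
    class R:
        def __init__(self, d): self.d = d
        def raise_for_status(self): pass
        def json(self): return self.d
    if url.endswith("/api/issues/search"):  # two pages of one issue each exercises paging
        return R({"paging": {"pageIndex": params["p"], "pageSize": 1, "total": 2}, "issues": [
            {"rule": "python:S0000", "severity": "BLOCKER", "component": f"demo:sample{params['p']}.py",
             "line": 12, "message": "constructed finding"}]})
    return R({"paging": {"pageIndex": 1, "pageSize": 500, "total": 1}, "hotspots": [
        {"ruleKey": "python:S0000", "vulnerabilityProbability": "HIGH",
         "component": "demo:sample1.py", "line": 3, "message": "constructed hotspot"}]})

if __name__ == "__main__":
    # Offline demo; drop get=constructed_get and use real values to query SonarCloud.
    print(json.dumps(security_report("https://sonarcloud.io", "demo", "TOKEN", get=constructed_get), indent=2))
```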