How to get issues report after sonar-scanner-cli processing / sinceLeakPeriod

Greetings!

I’m new to SonarQube and would like to ask your advice. I found SonarQube to be a great and very helpful solution. I’m looking for ways to integrate it as part of a CI/CD process, and am stalled on the inability to get a list of issues after a particular scan since the last commit, e.g. similar to the “sinceLeakPeriod” option.

I’m using SonarQube Community 8.9.9.56886, sonar-scanner-cli in Docker 4.7.0.2747.

I searched through the forum and found similar requests; everyone suggested using the API. Here are my findings:

  1. there was the “sonar.analysis.mode=preview” option in sonar-scanner-cli, but it was removed
  2. after sonar-scanner-cli I can make the “https:///api/ce/task?id=AYKPm2gPLN5NEIO5aR50” API request, which gives me the following JSON:

    {
      "task": {
        "id": "AYKPj7X0LN5NEIO5aR5z",
        "type": "REPORT",
        "componentId": "AYKNRW-k11s9c_p6Y0G4",
        "componentKey": "",
        "componentName": "*",
        "componentQualifier": "TRK",
        "analysisId": "AYKPj89jUnGtVCo35NWc",
        "status": "SUCCESS",
        "submittedAt": "2022-08-12T00:58:57+0000",
        "submitterLogin": "",
        "startedAt": "2022-08-12T00:58:58+0000",
        "executedAt": "2022-08-12T00:59:44+0000",
        "executionTimeMs": 45967,
        "hasScannerContext": true,
        "warningCount": 0,
        "warnings": []
      }
    }

    And I would like to get a report after this scan, for example by analysisId - but I have no idea where I can use it.
  3. I could use the “https://***/api/issues/search?sinceLeakPeriod=true&p=1&ps=500&componentKeys=tests&timeZone=Z” request - it returns almost all I need, the list of issues since the last commit/leak, but if I run requests in parallel it will be impossible to get the particular result of a particular build. The “api/issues” createdAt or createdAfter does not help either, because it’s not the “Task’s” submittedAt or startedAt or executedAt datetime - it’s the committed Issue’s datetime from SCM.

What would you advise in case I want to get such an “Issues” report after a sonar-scanner run? Maybe the Developer or Enterprise SonarQube editions have such an option?

Kind regards,
Paul
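
The two calls from items 2 and 3 above, chained into one CI step, as an added example that is not part of the original thread: wait for the `api/ce/task` status to reach SUCCESS, then page through `api/issues/search` with `sinceLeakPeriod=true`. The result is not tied to `analysisId`, so it does not remove the parallel-run ambiguity described in item 3. Assumptions: the function names, the token sent as the basic-auth user name, and the constructed responses in `demo()`.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

def make_fetch(base_url, token):
    """Return fetch(path, params) for a server; assumes a user token as basic-auth user name."""
    auth = base64.b64encode(f"{token}:".encode()).decode()
    def fetch(path, params):
        url = f"{base_url}/{path}?{urllib.parse.urlencode(params)}"
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def wait_for_task(fetch, task_id, poll_seconds=2, max_polls=150):
    """Poll api/ce/task until the report is processed; return the final task dict."""
    for _ in range(max_polls):
        task = fetch("api/ce/task", {"id": task_id})["task"]
        if task["status"] == "SUCCESS":
            return task
        if task["status"] in ("FAILED", "CANCELED"):
            raise RuntimeError(f"task {task_id} ended as {task['status']}")
        time.sleep(poll_seconds)  # still PENDING or IN_PROGRESS
    raise TimeoutError(f"task {task_id} did not finish in time")

def new_issues(fetch, component_key, page_size=500):
    """Collect every page of api/issues/search restricted to the leak period."""
    issues, page = [], 1
    while True:
        params = {"componentKeys": component_key, "sinceLeakPeriod": "true", "p": page, "ps": page_size}
        body = fetch("api/issues/search", params)
        issues.extend(body["issues"])
        if not body["issues"] or page * page_size >= body["paging"]["total"]:
            return issues
        page += 1

def demo():
    """Run both steps against constructed responses, so no server is needed."""
    polls = iter(["PENDING", "IN_PROGRESS", "SUCCESS"])
    sample = [{"key": f"constructed-{i}", "severity": "MAJOR"} for i in range(5)]
    def fake_fetch(path, params):
        if path == "api/ce/task":
            return {"task": {"id": params["id"], "status": next(polls)}}
        start = (params["p"] - 1) * params["ps"]
        return {"paging": {"total": len(sample)}, "issues": sample[start:start + params["ps"]]}
    task = wait_for_task(fake_fetch, "constructed-task-id", poll_seconds=0)
    return task["status"], [i["key"] for i in new_issues(fake_fetch, "tests", page_size=2)]
```

Against a real server, pass `make_fetch(base_url, token)` in place of the stub and fail the build when the returned list is not empty.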

SonarQube does not keep a point-in-time snapshot of how exactly a project looked at a particular time. There is “now”, alongside the history of measures (subject to housekeeping).

Maybe you can go into a bit more detail about why you need this issues report as opposed to relying on the UI. Where exactly does the need stem from?

Hello Colin, thank you for the reply.
I am wondering if it is possible to use the SonarQube scanner as part of a CI/CD workflow. For example, I have a project in SCM (git), several developers work on it and push changes daily, and on each git push some CI runs a set of tests: php/js/html… linters, nodejs gulp processing, deployment, etc. - and in case the “current” commit has an error/warning, the responsible developer will get a notification regarding a possible syntax or logic error.
So I am wondering about adding SonarQube checks during this CI workflow, e.g. after the linter scan do a SonarQube scan and report to the developer if “Code Smells bad” and “what exactly smells bad” in this particular commit.
So I found the “https://***/api/issues/search” API call almost ideal, but I don’t know how to get the exact last/current scan results. It seems the “sinceLeakPeriod=true” option should do the job if sonar.projectVersion is updated, but in case there are simultaneous SonarQube scanner runs I could get an incorrect scan result, so I would like some permanent scan identifier like “analysisId”, and I don’t know how to use it.

Kind regards,
Paul

Hey there.

I think it’s worth pushing the conversation about what API calls to make until after exploring the native features of SonarQube more.

Ideally, SonarQube would be built into your CI/CD pipeline and then Branch/Pull Request Analysis would allow your developers to see exactly what new issues they introduced before the code is ever merged. This is available with Developer Edition and higher.