I am looking to retrieve SonarCloud historical trend data of Vulnerabilities, Bugs and Security Hotspot with Severity of BLOCKER and CRITICAL only.
I have used this API https://sonarcloud.io/api/issues/search?componentKeys={project_key}&types=BUG,VULNERABILITY,SECURITY_HOTSPOT&severities=CRITICAL,BLOCKER which only shows me latest issue with BLOCKER and CRITICAL severity.
I am more interested for a historical trend like this API https://sonarcloud.io/api/measures/search_history?metrics=critical_violations&from=2020-01-01&ps=100&component={project_key} but this violations include CODE_SMELLS which is something I do not want to track. If I swap the metrics for Vulnerabilities, Bugs and Security Hotspot, it wont shows severity.
Welcome to the community and sorry for the late reply!
Could you give a bit more details on the use case you are trying to cover? What are you trying to achieve?
In any case we currently don’t store the historical data up to this level of details, so you won’t be able to get this information with the current api endpoints.
So you could make a feature request for it backed up by your use case and if it gets enough traction from the community it could get implemented.
Or you could keep using api/issues/search every day and build the historical data on you own, storing it on you side.
My use case is to build metrics tracking visualizations that use SonarCloud API to query my organization’s SonarCloud projects about their historical trend data of Vulnerabilities, Bugs and Security Hotspot with Severity of BLOCKER and CRITICAL only.
It will be good that we can go into details of each issue with filter of severity.
Yea, we thought of calling the api/issues/search every fixed period and store in a db but would be better if SonarCloud have such API to reduce this layer of complexity.
This is a solution you want to setup, but for what need ? Why do you need such detailed historical trend ?
I’m trying to understand what’s the real need behind to see how best we can address it.
For sure it would definitely be easier if SonarCloud provided such API but it’s not the case for now and not on our radar yet either.
The main intention is to see how each of these SonarCloud projects improve over time in addressing these issue filtering by severity. The goal is to have visualizations similar to what the existing out-of-the-box Activity has, but more granular with severity filter and aggregating multiple projects in single visualization.