Issues: how to export them into Excel

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) : 8.2 Community Edition

  • what are you trying to achieve
    I am trying to extract the Issues to Excel, which could help me in categorizing them based on Vulnerability / Blocker with the Rule / Tag, and to share this extracted report with the development team.

  • what have you tried so far to achieve this
    I have tried looking at the forum, which suggests using the Web API, but I am not sure how to apply this. Could you please provide a step-by-step guide for this if you have one?
    Or any other guide which would help me in extracting the Issues output to Excel, with clear instructions to follow?

Thanks
Sumathi

Greetings Sumathi,

Why not give developers access to the (or a) SonarQube server so that the developers can examine the results themselves? We encourage that whenever possible instead of generating some external report so that the results are actionable (can be marked as “false positive” or “won’t fix”, confirmed) and viewed with all the right context.

Colin

Hi Colin,

Thanks for your quick response.

We need to share these reports with our client, who has requested a vulnerability report for the application developed by us. Any information you could share on extracting the report would be of great help!

Thanks in advance

Regards,
Sumathi

Sumathi,

You didn’t answer my question! :smiley:

The Web API is linked in the footer of your SonarQube instance, and the JSON output of our Web APIs can be transformed into external reports.

If you’re curious exactly what Web API calls are being made when you see something in SonarQube, you can always open up the Dev Tools for your browser and observe the network calls.

Unfortunately, I have no examples to share. It’s really not our recommended way of getting value out of SonarQube.

Colin

@sumathi - the best way to leverage the API is via a scripting language (i.e. Python or PowerShell) or a programming language (i.e. Java). You can use a shell script like bash with curl commands, but post-call manipulation of the data can be difficult in shell scripting. We find scripting languages to be the optimal approach as SonarQube often injects breaking changes into the API that require the scripts to be reworked.
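A sketch of the scripted approach described in the replies above, added here as an example and not code from the thread or from SonarSource: it pages through the Web API's `/api/issues/search` endpoint and writes a CSV that Excel opens directly. The parameter names (`componentKeys`, `types`, `p`, `ps`) and the `paging.total` response field are assumed to match your version, so check them against the Web API page in your instance's footer; the sample response is constructed.

```python
import base64, csv, io, json, urllib.parse, urllib.request

# Whitelisted columns: file paths, line numbers and messages are left out on
# purpose so the exported report carries no source code details.
COLUMNS = ["key", "type", "severity", "rule", "tags", "status"]

def fetch_pages(base_url, token, project_key, page_size=500):
    """Yield parsed /api/issues/search responses, one page at a time."""
    auth = base64.b64encode(f"{token}:".encode()).decode()  # token as user, empty password
    page = 1
    while True:
        query = urllib.parse.urlencode({"componentKeys": project_key,
                                        "types": "VULNERABILITY", "p": page, "ps": page_size})
        req = urllib.request.Request(f"{base_url}/api/issues/search?{query}",
                                     headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req) as resp:
            body = json.load(resp)
        yield body
        if page * page_size >= body["paging"]["total"]:
            return
        page += 1

def safe_cell(value):
    """Flatten lists and neutralise cells Excel would evaluate as formulas."""
    text = ", ".join(value) if isinstance(value, list) else str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text

def issues_to_rows(pages):
    """Keep only the whitelisted fields of every issue on every page."""
    return [[safe_cell(issue.get(col, "")) for col in COLUMNS]
            for body in pages for issue in body.get("issues", [])]

def to_csv(rows):
    """Render header plus rows as CSV text."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(COLUMNS)
    writer.writerows(rows)
    return out.getvalue()

# Constructed sample response (not real scan output), used for an offline run.
SAMPLE_PAGE = {"paging": {"pageIndex": 1, "pageSize": 500, "total": 2}, "issues": [
    {"key": "constructed-1", "type": "VULNERABILITY", "severity": "BLOCKER", "rule": "java:S2068",
     "tags": ["cwe", "cert"], "status": "OPEN", "component": "demo:src/Dao.java", "line": 42},
    {"key": "constructed-2", "type": "VULNERABILITY", "severity": "CRITICAL", "rule": "java:S2068",
     "tags": ["=cmd"], "status": "OPEN", "component": "demo:src/Login.java", "message": "x"}]}

if __name__ == "__main__":
    print(to_csv(issues_to_rows([SAMPLE_PAGE])))
```

Against a live server, replace the sample with `issues_to_rows(fetch_pages(base_url, token, project_key))`, where all three arguments are your own values.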

Thanks Colin for your response.

Sorry for not answering the previous question…we have been sharing the report internally with our developers through SonarQube server only.

One of our clients requires us to provide a vulnerability report; that is the reason I was looking to generate Excel to share with them, and to make sure that we don’t provide the source code details of our project.

Thanks
Sumathi

Hi Richard,

Thanks for your response…We are using the Java programming language. We have just started using SonarQube and have yet to explore the many options available.

Thanks
Sumathi