Query - returns the total number of issues due to Vulnerability

Hi guys ,

I need a query that returns the total number of issues due to vulnerabilities (security) for all projects.

The objective is to understand which projects are most critical in terms of vulnerability

version sonarqube: 8.3.1 Enterprise Edition


The easiest way would be to get this from the UI , see for example https://next.sonarqube.com/sonarqube/issues?resolved=false&types=VULNERABILITY

By deploying the “Project” arrow, you will get the sorted distribution by projects , for example from the URL above you would get :

Now if you really require to querying this by script, you should look for Web API GET api/issues/search and in its documentation (accessible from the footer pages in SonarQube UI) you will notice you can filter output by “types” and * VULNERABILITY is one of the possible types to filter on

This will provide exhaustive vulnerabilities across projects

To get it focused on a specific project key, you can also use the filtering on the componentKeys attribute

A usual pattern for such a script is to :

  • get an initial list of projects via GET api/projects/search
  • iterate over project keys to call the GET api/issues/search to get vulnerabilities per project
  • sort the results by descending order (option not provided by SonarQube Web API, use your favorite sort command)

I hope this reply finds you well