Rest API NOT return CWE-Number (Ex: CWE-564) for VULNERABILITY issue

When calling the API to get issues with type is VULNERABILITY of a project. We don’t see CWE-Number (Ex: CWE-564) from the JSON result file although it has CWE tags. Are there any way to get CWE-number of an issue with type is VULNERABILITY?

If we don’t support it. Could we have a plant so implement this feature?

Thank you.

Are there anyone can help?

Hi Henry,

We don’t effectively display the CWE number in the issue, cause a rule can have multiple ones on it.

We suggest you to make an extra call with the rule key to get the rule info (api route /api/rules/show?key=xxx) and then parse the description to get the proper CWE numbers.


Hi Mickael,

If we have mutiple CWE number in the issues, we can return a list of them on JSON file. I saw some other tools like WhiteHat or Checkmarx, they also return list of CWE-number.

I believe this very useful when we return a list of CWE number. Besides, other system will import Sonarqube data to their system through REST API and CWE number is what they want.

Thank you,

Do you think we should support this feature in near future?

Hello Henry,

The API api/issues/search allows to search for Issues for a given “CWE Identifier” thanks to the cwe parameter.

Do you think that will cover your use case? If not, can you explain what you are trying to achieve more precisely?