Security hotspots unavailable as badge or in API

  • versions used: 7.9.1.27448
    Our teams (10 scrum teams) heavily use SonarQube badges and some dashboard tiles that use the SQ API.

Why can’t the metric Security_hotspot be retrieved as a badge or via the API (e.g.: https://sblsats185:8443/api/project_badges/measure?project=nl.mindef.applicationframework&metric=security_hotspot)?

This metric is important to us because of the importance of preventing vulnerabilities.

Hello @real_yggdrasil,

Thanks for reaching out about Security Hotspots. I think it’s a good idea to be able to show a badge with the number of Security Hotspots “To Review / In Review” so all developers know there are things to double-check and maybe hidden vulnerabilities.

Ultimately, when we have a better user experience around Security Hotspots, we could think about computing the Security Review Rating at project level and also provide it as a badge.

Security Review Rating (security_review_rating): The ratio of the number of Security Hotspots that are in “To Review” or “In Review” status per 1K lines of code.

I created https://jira.sonarsource.com/browse/SONAR-12456 so we can work on it.

Alex

That’s all I could ask for! Thanks!!

Groeten/Regards,

Frank van Bokhoven
