The suggested workaround (different projectKey for every run) is working well. For the “issues search api” response to sonar-report.json conversion, I made a little jq script.
usage:
curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false \
| jq -f sonar-report-builder.jq > sonar-report.json
sonar-report-builder.jq.txt (843 Bytes)