SonarCloud API - improvement opportunities

Hello,
I’m using SonarCloud APIs and I detected some problems / opportunities for improvement:

  1. The parameters are not the same between APIs. For example, the projects can be named project (api/project_branches/list), componentKeys (api/issues/search), projectKey (api/hotspots/search), etc.
    => It would be better to use the same parameter name all the time.

  2. The doc does not provide all the values for the parameters. For example, the parameter metricKeys of the API Measure only provides the values ncloc,complexity,violations but more are available in reality.

  3. The API project_badges is not working. I tested several other APIs but this one returns a message that it is not able to find the project. Here is the source code:

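```python
import requests

def get_badge(projectKey, branchKey, api_key):
    url = "https://sonarcloud.io/api/project_badges/measure"
    query = {
        "project": projectKey,
        "branch": branchKey,
        "metric": "security_rating",
        "p": 1,
        "ps": 500,
    }
    # The token is sent as the HTTP Basic username with an empty password.
    r = requests.get(
        url,
        params=query,
        auth=(api_key, ""),
        verify=False)  # verify=False turns off TLS certificate validation
    return r
```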

Agreed, the public API could use some TLC, and unifying the parameter names would be a solid improvement. This would have to be done with backward compatibility in mind so everyone that is using the API will not have to rewrite all their scripts overnight. Maybe SonarCloud could notify customers monthly if they use deprecated parameters during a multi-month transition period.

Some other improvements for the API:

  • Provide a Python SDK; this would increase adoption of the web API by making it easier to write automation scripts.
  • Publish a Terraform provider. There are many settings that are not shareable, so configuration as code would be much better than clicking around for organizations with many projects.

Hi @Seb421

Thanks for your feedback.

We are aware of the naming convention issue for the parameter. We have some long-term plans to improve that.

About point 3, have you checked the documentation for this API? If your project is private you must provide a token. You can also get those URLs from the project page information: https://sonarcloud.io/project/information?id=[project key]

Let me know if you need more help.

HTH

Hi Mathieu,
Sorry for my late answer. Yes, I read the documentation and provided the right data, even for this private project (you can see in my code above the token is provided). I tested many other Sonar APIs with success but this one is not working. The response code is 200 and an SVG is created but with the message “Project not found” inside.

Are you sure you are requesting the badge using this format:
https://sonarcloud.io/api/project_badges/measure?project=YYY&token=XXX&

Token is part of the query parameter. This is the only authentication mechanism in this API.

Hello,
I tried many ways: token in the query, as auth in the GET request. I even tried in the URL like you proposed but still the same message.

What kind of token did you use? The only one that is going to work is the one that you get from the project information page.

I used the token generated here. It is working with the other sonar APIs.

This is not the correct token to use. The token is self-generated and exposed on the project information page.

Thank you. It is now working for a project.

My goal was to generate a report of all the projects using the badges and I don’t want to store the token of each project in my source code. Is there a way to get the project token from an API?

For example, the API “https://sonarcloud.io/api/projects/search” returns some information for each project. It could return the project token.

You could also use the https://sonarcloud.io/api/qualitygates/project_status for that matter.

Mathieu,
the API qualitygates/project_status does not provide all the information I need.

I will use a combination of several APIs to get the information I need:

  • measures/component : security_rating, reliability_rating, sqale_rating, coverage
  • qualitygates/project_status : quality gate status
  • project_branches/list : bugs, vulnerabilities, codeSmells

By the way, is there a way to get the metric for the new code instead of the overall code?

A full list of metrics can be found using this API: https://sonarcloud.io/api/metrics/search
Anything starting with new is targeting the new code.
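
The two token types discussed in this thread, as an added example (not code from any poster or from SonarCloud): a user token goes in an HTTP Basic header for the regular Web API, while the project's badge token goes in the `token` query parameter, where it ends up in any log that records the URL. The `component` parameter of api/measures/component, the `SONAR_BADGE_TOKEN_<KEY>` environment variable naming and all helper names are assumptions of this example; it only builds requests and sends nothing.

```python
import base64
import os
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

BASE = "https://sonarcloud.io/api"

def measures_request(project_key, metric_keys, user_token):
    """Regular Web API call: user token sent as HTTP Basic username, empty password."""
    query = urlencode({"component": project_key, "metricKeys": ",".join(metric_keys)})
    basic = base64.b64encode(f"{user_token}:".encode()).decode()
    return f"{BASE}/measures/component?{query}", {"Authorization": f"Basic {basic}"}

def badge_request(project_key, metric, badge_token):
    """Badge call: the per-project badge token travels in the query string."""
    query = urlencode({"project": project_key, "metric": metric, "token": badge_token})
    return f"{BASE}/project_badges/measure?{query}", {}

def badge_token_for(project_key, env=os.environ):
    """Look up a badge token kept outside the source tree.
    SONAR_BADGE_TOKEN_<KEY> is a naming convention assumed for this example."""
    name = "SONAR_BADGE_TOKEN_" + re.sub(r"[^A-Za-z0-9]", "_", project_key).upper()
    return env.get(name)

def redact(url, secret_params=("token",)):
    """Mask secret query parameters before a URL is logged or printed."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in secret_params else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def badge_found(status_code, svg_text):
    """The endpoint answered 200 with an error SVG in this thread, so check the body too."""
    return status_code == 200 and "Project not found" not in svg_text

if __name__ == "__main__":
    # Constructed sample values, not real project keys or tokens.
    env = {"SONAR_BADGE_TOKEN_MY_ORG_MY_PROJECT": "badge-token-123"}
    url, _ = badge_request("my-org_my-project", "security_rating",
                           badge_token_for("my-org_my-project", env))
    print(redact(url))
```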