Sonarcloud Web API - Issues/Search endpoint record limit

Hi,

I’m trying to fetch issues using the GET api/issues/search endpoint and I ran into a couple of issues.

  1. I cannot retrieve more than 10,000 rows using a token (regardless of number of sessions and even after implementing pagination). This is a problem as we have about 50k issues and this number would grow over time and we’re looking to retrieve this data every day to get the most recent state for all issues. Has anyone managed to find a workaround?

Also, the endpoint does not provide us with any information on the security category associated with an issue, e.g. OWASP, CWE.

Thank you

SonarCloud must work differently than SonarQube, because in SonarQube, the struct returned by that endpoint includes a field called tags, which is an array of strings which can be searched for strings like cwe or owasp. (I don’t think owasp is ever used as a tag, it’s always something like owasp-a6.)

The 10K limit is a well-known SQ annoyance. Workarounds involve increasing the filtering (e.g., by date) to get it down below 10K.

Hi @krshmtl and welcome to our Community!

Yes, there is a limit as you mentioned. One workaround is to make use of the plentiful filtering this endpoint offers. You can get CWE information if you first query for all CWEs and then for each one, as an example (I’ve used a public project here):

https://sonarcloud.io/api/issues/search?projectKeys=shipilev_jdk&facets=cwe

Will return all CWEs found in the facets.

"facets": [
    {
      "property": "cwe",
      "values": [
        {
          "val": "unknown",
          "count": 210897
        },
        {
          "val": "783",
          "count": 7328
        },
        {
          "val": "397",
          "count": 4737
        },

Then you query for the CWEs:

https://sonarcloud.io/api/issues/search?projectKeys=shipilev_jdk&cwe=783

Will return only issues with CWE 873. I know you have to make more requests, but probably you won’t reach the 10K limit. There is much more filtering you can use to refine your query, have a look into our documentation.

I hope that helps!
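
The facet-then-filter workaround described in the replies, as an added example that is not part of the original thread or SonarSource's own code. It tags each issue with its CWE and reports facet values that still exceed the cap. The names `fetch_partitioned`, `make_stub`, `SAMPLE` and `demo_project` are hypothetical, the `p`/`ps` paging parameters and the page size of 500 are assumptions not stated in the thread, and the sample rows are constructed.

```python
import math

MAX_RESULTS = 10_000  # per-query cap described in the thread
PAGE_SIZE = 500       # assumption: page size passed as "ps"

def fetch_partitioned(search, project_key):
    """Collect issues one CWE facet value at a time.

    search(params) returns the parsed JSON of api/issues/search; it is
    injected so the caller decides how the HTTP request and token are handled.
    """
    base = {"projectKeys": project_key}
    facet = search({**base, "facets": "cwe", "ps": 1})
    issues, oversized = {}, []
    for value in facet["facets"][0]["values"]:
        cwe, count = value["val"], value["count"]
        if count > MAX_RESULTS:
            oversized.append(cwe)  # still too big: needs another filter, e.g. by date
            continue
        for page in range(1, math.ceil(count / PAGE_SIZE) + 1):
            resp = search({**base, "cwe": cwe, "p": page, "ps": PAGE_SIZE})
            for issue in resp["issues"]:
                # An issue with several CWEs shows up in several slices: keep one copy.
                issues.setdefault(issue["key"], issue).setdefault("cwes", []).append(cwe)
    return issues, oversized

def make_stub(rows):
    """Constructed stand-in for the endpoint; rows are (issue_key, cwe) pairs."""
    def search(params):
        p, ps = params.get("p", 1), params.get("ps", 100)
        if p * ps > MAX_RESULTS:
            raise ValueError("request reaches past the 10,000-result window")
        hits = [k for k, c in rows if params.get("cwe") in (None, c)]
        resp = {"issues": [{"key": k} for k in hits[(p - 1) * ps : p * ps]]}
        if params.get("facets") == "cwe":
            counts = {}
            for _, c in rows:
                counts[c] = counts.get(c, 0) + 1
            resp["facets"] = [{"property": "cwe", "values": [
                {"val": v, "count": n} for v, n in counts.items()]}]
        return resp
    return search

# Constructed sample data: 13,901 rows, more than one query can return.
SAMPLE = ([(f"u{i}", "unknown") for i in range(12_000)]
          + [(f"a{i}", "783") for i in range(1_200)]
          + [(f"b{i}", "397") for i in range(700)] + [("a0", "397")])

if __name__ == "__main__":
    found, too_big = fetch_partitioned(make_stub(SAMPLE), "demo_project")
    print(len(found), "issues fetched; facet values still over the cap:", too_big)
```

For real use, replace the stub with a function that issues the authenticated GET request and returns the decoded JSON; any facet value listed as oversized needs a second filter, such as the date ranges suggested earlier in the thread.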