SonarCloud Web API to get details of scan/analysis results - bugs/vulnerability/security hotspot details

  • ALM used - Bitbucket Cloud
  • CI system used - Bitbucket Cloud
  • Scanner command - using Bitbucket Pipe for sonar scanner:
    pipe: sonarsource/sonarcloud-scan:1.4.0
  • Languages of the repository - Salesforce codebase, Apex classes, XMLs, triggers, etc.

Need to create a webhook that calls the SonarCloud Web API to get the analysis results from SonarCloud. The APIs given on https://sonarcloud.io/web_api don’t give details of any such API that can pull the results of analysis. The only APIs I found are api/project_analyses and api/project_branches. From the response examples of these APIs I can see the quality gate status and the count of bugs/vulnerability/code smells, but none of these give details on what bugs, vulnerabilities and security hotspots are found in the analysis. Do we have any API in SonarCloud that gives the details of what bugs/vulnerability/code smells/security hotspots are found in the analysis done on a branch? Also, is any such API available in SonarQube if not available in SonarCloud?

Hey there.

You won’t find any one API call that returns all information from an analysis. GET api/measures/component might return the current measures, while GET api/issues/search returns the current issues and GET api/qualitygates/project_status returns Quality Gate details.

How are you hoping to use such information? What is not fulfilling your needs in the SonarCloud UI, or other built-in integrations?
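One way to combine two of the endpoints named in the reply above into per-branch results, as an added example that is not part of the original thread and not SonarSource code. The project key `my-org_my-repo`, the branch name, the `fake_get` stand-in and the sample issues are constructed assumptions; the query parameters are those of `api/issues/search` and `api/qualitygates/project_status`.

```python
import base64, json, urllib.parse, urllib.request

BASE = "https://sonarcloud.io"
FIELDS = ("key", "type", "severity", "rule", "component", "line", "message")

def http_get(path, params, token):
    """Live transport: the user token is sent as the Basic-auth username."""
    url = f"{BASE}/{path}?{urllib.parse.urlencode(params)}"
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def branch_findings(project, branch, get, types="BUG,VULNERABILITY,CODE_SMELL"):
    """Return the quality gate status plus every unresolved issue on a branch."""
    gate = get("api/qualitygates/project_status",
               {"projectKey": project, "branch": branch})
    issues, page = [], 1
    while True:
        data = get("api/issues/search",
                   {"componentKeys": project, "branch": branch, "types": types,
                    "resolved": "false", "ps": 500, "p": page})
        # Keep only the fields a downstream record needs; file-level issues
        # carry no "line", so a missing field becomes None.
        issues += [{f: i.get(f) for f in FIELDS} for i in data["issues"]]
        pg = data["paging"]
        if not data["issues"] or pg["pageIndex"] * pg["pageSize"] >= pg["total"]:
            break
        page += 1
    return {"qualityGate": gate["projectStatus"]["status"], "issues": issues}

# Constructed sample responses (not real analysis data), served two per page.
SAMPLE = [
    {"key": "c-1", "type": "VULNERABILITY", "severity": "CRITICAL", "rule": "example:rule-1",
     "component": "my-org_my-repo:classes/A.cls", "line": 42, "message": "constructed 1"},
    {"key": "c-2", "type": "BUG", "severity": "MAJOR", "rule": "example:rule-2",
     "component": "my-org_my-repo:triggers/B.trigger", "line": 7, "message": "constructed 2"},
    {"key": "c-3", "type": "CODE_SMELL", "severity": "MINOR", "rule": "example:rule-3",
     "component": "my-org_my-repo:classes/C.cls", "message": "constructed 3"},
]

def fake_get(path, params):
    """Offline stand-in for http_get, used to exercise the paging logic."""
    if path == "api/qualitygates/project_status":
        return {"projectStatus": {"status": "ERROR"}}
    start = (params["p"] - 1) * 2
    return {"paging": {"pageIndex": params["p"], "pageSize": 2, "total": len(SAMPLE)},
            "issues": SAMPLE[start:start + 2]}

if __name__ == "__main__":
    print(json.dumps(branch_findings("my-org_my-repo", "feature/x", fake_get), indent=2))
```

For a live call, pass a `get` that wraps `http_get` with a token read from the environment or a secret store rather than from source, and give that token no more access than reading the project requires.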

I am hoping to use the SonarCloud analysis results to be mapped with Salesforce objects via webhook to show the results on UI. Any leads on using SonarCloud to analyze Salesforce code: Apex classes, triggers and Visualforce pages?