SonarQube /api/security_reports/show Categories: Mapping

I am using the SonarQube API and specifically this endpoint: “/api/security_reports/show”

The JSON that I get as a response looks like this:

{
    "categories": [
        {
            "category": "1",
            "vulnerabilities": 0,
            "toReviewSecurityHotspots": 0,
            "reviewedSecurityHotspots": 0,
            "securityReviewRating": 1,
            "distribution": [],
            "activeRules": 0,
            "totalRules": 0,
            "hasMoreRules": false
        },

I noticed that there are several different categories and I noticed that category 3 means authentication but I do not know what the other categories mean. Is there a list somewhere for the mapping? A link to an enum in a gitlab repo url would be enough.

Hello! Unfortunately, the public code for this feature isn’t available because it’s a commercial feature.

However, the logic is straightforward: the categories in the API are listed in the same order they appear in the UI.

For example, here’s what the API response looks like:

https://next.sonarqube.com/sonarqube/project/extension/securityreport/securityreport?id=SonarSource_echoes-react_AYvOIyNg-JQvdKIPB6Ig&standard=pciDss&version=4.0
{
  "categories": [
    ...
    { "category": "1", ... },
    { "category": "2", ... },
    { "category": "3", ... },
    // and so on
  ]
}

And the UI looks like so:

Category mappings:

  • 1 = 1 - Install and Maintain Network Security Controls
  • 2 = 2 - Apply Secure Configurations to All System Components
  • etc…

This internal API is a bit rough, so use it at your own risk. The category order and values match what you see in the UI.
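As an added example (not code from this thread or from SonarSource), here is a small Python script that consumes a `/api/security_reports/show` response and applies the positional mapping the answer describes for `standard=pciDss&version=4.0`. The sample response is constructed, and only the two category names quoted above are in the map, so any other category id is reported as unmapped rather than guessed.

```python
import json

# Constructed sample of a /api/security_reports/show response (not a real capture).
SAMPLE_RESPONSE = json.dumps({
    "categories": [
        {"category": "1", "vulnerabilities": 0, "toReviewSecurityHotspots": 0,
         "reviewedSecurityHotspots": 0, "securityReviewRating": 1},
        {"category": "2", "vulnerabilities": 2, "toReviewSecurityHotspots": 3,
         "reviewedSecurityHotspots": 1, "securityReviewRating": 4},
        {"category": "3", "vulnerabilities": 0, "toReviewSecurityHotspots": 1,
         "reviewedSecurityHotspots": 0, "securityReviewRating": 3},
    ]
})

# Positional mapping for standard=pciDss&version=4.0, in the UI order the answer
# describes. Only the first two names appear in the thread; extend as needed.
PCI_DSS_4_CATEGORY_NAMES = {
    "1": "Install and Maintain Network Security Controls",
    "2": "Apply Secure Configurations to All System Components",
}

# SonarQube rating scale: 1 = A (best) ... 5 = E (worst).
RATING_LETTERS = {1: "A", 2: "B", 3: "C", 4: "D", 5: "E"}


def category_label(category_id, names=PCI_DSS_4_CATEGORY_NAMES):
    """Return 'id - name', or an explicit placeholder if the id is not mapped."""
    name = names.get(category_id)
    return f"{category_id} - {name}" if name else f"{category_id} - <unmapped category>"


def categories_needing_attention(response_text, names=PCI_DSS_4_CATEGORY_NAMES):
    """Return (label, vulnerabilities, hotspots_to_review, rating_letter) for every
    category with open findings, worst securityReviewRating first."""
    data = json.loads(response_text)
    hits = []
    for cat in data.get("categories", []):
        vulns = int(cat.get("vulnerabilities", 0))
        to_review = int(cat.get("toReviewSecurityHotspots", 0))
        if vulns == 0 and to_review == 0:
            continue  # nothing open in this category
        letter = RATING_LETTERS.get(int(cat.get("securityReviewRating", 1)), "?")
        hits.append((category_label(cat["category"], names), vulns, to_review, letter))
    hits.sort(key=lambda h: (h[3], h[0]), reverse=True)  # E before A
    return hits


if __name__ == "__main__":
    for label, vulns, to_review, letter in categories_needing_attention(SAMPLE_RESPONSE):
        print(f"[{letter}] {label}: {vulns} vulnerabilities, {to_review} hotspots to review")
```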