SonarQube Enterprise Excel Report

SonarQube Enterprise 7.9.1 LGPL v3
Export Issues (Bugs & Vulnerabilities) to Excel (or Excel digestible) format

Good day all. So this is my first time using SonarQube, with limited experience with Coverity (so relatively new to Code Analysis).
As stated above we have SQ Enterprise, and I would like to export our current list of Issues to an Excel report. This will allow us to review the current list of issues with our security person (who doesn’t have access to the development environment) and prioritize resolution. I’ve struggled to understand the proper way to do this. I would expect with Enterprise Edition a feature such as report export would be provided.
I’ve seen some discussions of a pluggin, but unless they are packaged with the product (already approved) that is not an option for us. Specifically because we have to go through a lengthy approval process and we are on a shorter timeline at this stage.
I have also seen mention of using the webApi, and was able to export a JSON file using ‘localhost:port/api/issues/search?project=MYPROJ’. However the output wasn’t something I was able to use in Excel. If this is the way to go can you please provide some guidance on how to utilize this in Excel to actually produce a list of vulnerabilities.

So recap:

  • Does SonarQube Enterprise 7.9 have an integrated report capability (for Issues)?
  • The pluggins available for report, are they stand-alone or package with SQ & just need installed? (obviously stand-alone would need additional approvals which we likely won’t get in time)
  • Using the api, how can I generate/obtain the Issues (bugs, vulnerabilties, etc.) in a format Excel can ingest?

Thanks
Cyber

Hi @CyberSurfer409, welcome to the SonarSource Community!

You’re not missing anything: we don’t have anything like a native Excel export. We generally expect/hope for developers to have a chance to react to issues and resolve them before there’s a need for anything like reviewing and prioritizing line items on a report.

That said, what you’re looking for is possible as you’ve guessed via our web APIs. You just need some kind of intermediate tool to translate the responses into something Excel can open. A good low-hanging fruit idea would be to try CSV. You can use a command-line utility like jq to get from the JSON into CSV. Here’s a quick example of a single command line combining curl to make the API call and then piping through jq to translate to CSV:

curl -u $SQ_TOKEN: "$SQ_URL/api/issues/search?componentKeys=$PROJECT_KEY&resolved=false&ps=500&additionalFields=_all" | jq -r '.rules as $rules | .issues[] | .rule as $rule | [.type, .severity, ($rules[] | select(.key == $rule) | .name), .component, .line, .tags[]| tostring] | @csv'

Redirect that output to a file and open it in Excel:

You’ll have to study our API responses and read up a bit on jq to understand how to adapt something like this example to your specific reporting needs.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.