Sonarqube Rest API NOT return CWE-Number of issue with "type": "VULNERABILITY"

henrybui · November 15, 2019, 9:12pm

We would like to get CWE-Number of a VULNERABILITY issue through API. However, when calling the API to get issues of a project, we only see CWE tag without CWE-number detail. How could we get CWE-number of an issue if it’s VULNERABILITY issues?

If we don’t support it. Could we have a plant so implement this feature?

https://sonarcloud.io/api/issues/search?id=navikt_fp-kontrakter

Thank you.

marioosuna · March 4, 2021, 5:52pm

Hello! Do you get any answer? I am looking for the same feature

Alexandre_Gigleux · March 8, 2021, 1:29pm

You can’t get the CWE Identifier of a given issue. But you can find all issues corresponding to a CWE Identifier by using api/issues/search and the cwe parameter like this:

https://yourinstance/api/issues/search?cwe=89&types=VULNERABILITY&statuses=OPEN

… to get all the SQL Injection (CWE-89) issues.

Topic		Replies	Views
Rest API NOT return CWE-Number (Ex: CWE-564) for VULNERABILITY issue SonarQube Cloud security , security-hotspot , sonarqube-cloud	5	1581	November 25, 2019
Rest API NOT return the issues for a CWE identifier SonarQube Server / Community Build sonarqube	6	554	May 19, 2023
Associating issues with OWASP, SANS, and CWEs via the API SonarQube Server / Community Build web_api , web	6	2422	May 31, 2019
Ability to search by CWE/CERT ids Suggest new features	6	877	October 29, 2018
List of supported CWE-Issues from Sonarqube SonarQube Server / Community Build java , security	3	6022	June 15, 2022

Sonarqube Rest API NOT return CWE-Number of issue with "type": "VULNERABILITY"

Related topics