Sonarqube Webhook's taskID and revision is not matching with keyID and hash in Issues JSON. Not able to use webhook for identifying any issue

SonarQube
,
1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    We are using SonarQube, Community Edition, Version 8.9.2 (build 46101)
  • what are you trying to achieve
    We are trying to use webhook for identifying BUG or VULNERABILITY we have in our code so that we can automatically create a JIRA ticket for fixing the issue. We are trying to consume this webhook in an Azure App Function which will be responsible for creating JIRA ticket based on the info through webhook.
  • what have you tried so far to achieve this
    We checked that the payload in triggered webhook contains taskID and revision but they are not matching with the JSON values of issues (soar.organization.com/api/issues/search)
    I am adding 1 sample webhook and 1 JSON issue data here

Webhook

{
  "serverUrl": "https://sq.organization.com",
  "taskId": "AX8HHPPVE1qHSYCsf5ok",
  "status": "SUCCESS",
  "analysedAt": "2022-02-17T09:56:14+0000",
  "revision": "670fbe6XXXXXXXXXXXXXXXXX80ed2d927eb1",
  "changedAt": "2022-02-17T09:56:14+0000",
  "project": {
    "key": "repo-name",
    "name": "repo-name",
    "url": "https://sq.organization.com/dashboard?id=repo-name"
  },
  "branch": {
    "name": "master",
    "type": "BRANCH",
    "isMain": true,
    "url": "https://sq.organization.com/dashboard?id=repo-name"
  },
  "qualityGate": {
    "name": "Clean-without-coverage",
    "status": "ERROR",
    "conditions": [
      {
        "metric": "reliability_rating",
        "operator": "GREATER_THAN",
        "value": "1",
        "status": "OK",
        "errorThreshold": "1"
      },
      {
        "metric": "security_rating",
        "operator": "GREATER_THAN",
        "value": "4",
        "status": "ERROR",
        "errorThreshold": "1"
      },
      {
        "metric": "sqale_rating",
        "operator": "GREATER_THAN",
        "value": "1",
        "status": "OK",
        "errorThreshold": "1"
      },
      {
        "metric": "new_duplicated_lines_density",
        "operator": "GREATER_THAN",
        "value": "22.238236540907163",
        "status": "ERROR",
        "errorThreshold": "3"
      },
      {
        "metric": "duplicated_lines_density",
        "operator": "GREATER_THAN",
        "value": "23.9",
        "status": "ERROR",
        "errorThreshold": "3"
      },
      {
        "metric": "new_bugs",
        "operator": "GREATER_THAN",
        "value": "0",
        "status": "OK",
        "errorThreshold": "0"
      },
      {
        "metric": "new_security_hotspots_reviewed",
        "operator": "LESS_THAN",
        "value": "0.0",
        "status": "ERROR",
        "errorThreshold": "100"
      },
      {
        "metric": "new_violations",
        "operator": "GREATER_THAN",
        "value": "158",
        "status": "ERROR",
        "errorThreshold": "0"
      },
      {
        "metric": "new_vulnerabilities",
        "operator": "GREATER_THAN",
        "value": "14",
        "status": "ERROR",
        "errorThreshold": "0"
      },
      {
        "metric": "violations",
        "operator": "GREATER_THAN",
        "value": "230",
        "status": "ERROR",
        "errorThreshold": "0"
      }
    ]
  },
  "properties": {
    "sonar.analysis.detectedscm": "git",
    "sonar.analysis.detectedci": "undetected"
  }
}

https://sq.organization.com/api/issues/search
Relevant Result

{
		"key": "AX8HNwQmfQOaLo5IUiJA",
		"rule": "typescript:S2819",
		"severity": "CRITICAL",
		"component": "repo-name:src/FileName.tsx",
		"project": "repo-name",
		"line": 321,
		"hash": "81ed4901XXXXXXXXXXX08fbcb3a",
		"textRange": {
			"startLine": 321,
			"endLine": 321,
			"startOffset": 4,
			"endOffset": 29
		},
		"flows": [],
		"status": "OPEN",
		"message": "Verify the message\u0027s origin in this cross-origin communication.",
		"effort": "10min",
		"debt": "10min",
		"author": "dev@organization.com",
		"tags": ["cwe", "html5", "owasp-a3"],
		"creationDate": "2022-02-17T09:56:14+0000",
		"updateDate": "2022-02-17T09:56:14+0000",
		"type": "VULNERABILITY",
		"scope": "MAIN"
	}

These 2 are related data because we can check creation date is same for both Webhook and Issue JSON however the data isn’t matching.
Please let me know if any other information is required for insight

2

Hi,

Welcome to the community!

The webhook payload is about metric values, not about issues. If you really want to do this (I urge caution) you’ll need to make a separate web service call to get the issue data.

The reason I urge caution is that we have experience with automated ticket creation. We went down that road (of deep Jira integration) a long time ago, then backed up, killed the functionality and removed the endpoints. Our experience was that 1-to-1 ticket creation can lead to a lot of junk tickets.

 
FWIW,
Ann

3

Hi @ganncamp
Thanks for the quick reply. As per your input we discussed about your experience with automated ticket creation and we are thankful to you for the headsup.
However we decided to proceed further with the integration. Can you please describe more about the web service call you were referring to in your comment ? A little detailed description will be appreciated as I am new to this domain

4

Hi,

The best way to find the APIs you want is to perform the desired action via the UI and eavesdrop to see which calls the UI made to accomplish the action.

 
HTH,
Ann