Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
We are using SonarQube, Community Edition, Version 8.9.2 (build 46101) - what are you trying to achieve
We are trying to use webhook for identifying BUG or VULNERABILITY we have in our code so that we can automatically create a JIRA ticket for fixing the issue. We are trying to consume this webhook in an Azure App Function which will be responsible for creating JIRA ticket based on the info through webhook. - what have you tried so far to achieve this
We checked that the payload in triggered webhook contains taskID and revision but they are not matching with the JSON values of issues (soar.organization.com/api/issues/search)
I am adding 1 sample webhook and 1 JSON issue data here
Webhook
{
"serverUrl": "https://sq.organization.com",
"taskId": "AX8HHPPVE1qHSYCsf5ok",
"status": "SUCCESS",
"analysedAt": "2022-02-17T09:56:14+0000",
"revision": "670fbe6XXXXXXXXXXXXXXXXX80ed2d927eb1",
"changedAt": "2022-02-17T09:56:14+0000",
"project": {
"key": "repo-name",
"name": "repo-name",
"url": "https://sq.organization.com/dashboard?id=repo-name"
},
"branch": {
"name": "master",
"type": "BRANCH",
"isMain": true,
"url": "https://sq.organization.com/dashboard?id=repo-name"
},
"qualityGate": {
"name": "Clean-without-coverage",
"status": "ERROR",
"conditions": [
{
"metric": "reliability_rating",
"operator": "GREATER_THAN",
"value": "1",
"status": "OK",
"errorThreshold": "1"
},
{
"metric": "security_rating",
"operator": "GREATER_THAN",
"value": "4",
"status": "ERROR",
"errorThreshold": "1"
},
{
"metric": "sqale_rating",
"operator": "GREATER_THAN",
"value": "1",
"status": "OK",
"errorThreshold": "1"
},
{
"metric": "new_duplicated_lines_density",
"operator": "GREATER_THAN",
"value": "22.238236540907163",
"status": "ERROR",
"errorThreshold": "3"
},
{
"metric": "duplicated_lines_density",
"operator": "GREATER_THAN",
"value": "23.9",
"status": "ERROR",
"errorThreshold": "3"
},
{
"metric": "new_bugs",
"operator": "GREATER_THAN",
"value": "0",
"status": "OK",
"errorThreshold": "0"
},
{
"metric": "new_security_hotspots_reviewed",
"operator": "LESS_THAN",
"value": "0.0",
"status": "ERROR",
"errorThreshold": "100"
},
{
"metric": "new_violations",
"operator": "GREATER_THAN",
"value": "158",
"status": "ERROR",
"errorThreshold": "0"
},
{
"metric": "new_vulnerabilities",
"operator": "GREATER_THAN",
"value": "14",
"status": "ERROR",
"errorThreshold": "0"
},
{
"metric": "violations",
"operator": "GREATER_THAN",
"value": "230",
"status": "ERROR",
"errorThreshold": "0"
}
]
},
"properties": {
"sonar.analysis.detectedscm": "git",
"sonar.analysis.detectedci": "undetected"
}
}
https://sq.organization.com/api/issues/search
Relevant Result
{
"key": "AX8HNwQmfQOaLo5IUiJA",
"rule": "typescript:S2819",
"severity": "CRITICAL",
"component": "repo-name:src/FileName.tsx",
"project": "repo-name",
"line": 321,
"hash": "81ed4901XXXXXXXXXXX08fbcb3a",
"textRange": {
"startLine": 321,
"endLine": 321,
"startOffset": 4,
"endOffset": 29
},
"flows": [],
"status": "OPEN",
"message": "Verify the message\u0027s origin in this cross-origin communication.",
"effort": "10min",
"debt": "10min",
"author": "dev@organization.com",
"tags": ["cwe", "html5", "owasp-a3"],
"creationDate": "2022-02-17T09:56:14+0000",
"updateDate": "2022-02-17T09:56:14+0000",
"type": "VULNERABILITY",
"scope": "MAIN"
}
These 2 are related data because we can check creation date is same for both Webhook and Issue JSON however the data isn’t matching.
Please let me know if any other information is required for insight