Vulnerabilities report from API

I was informed that I could use the Web API to extract vulnerability issues within SonarQube and was wondering if someone can be very detailed on how to go about doing this.

The previous version of SonarQube we had was 7.9.1 before it upgraded to the 8.1 which had the export CSV feature. The reason I am asking is because this was a significant part that we used regularly when it comes to reporting on the issues (unresolved vulnerabilities) via running the CSV report through Vulnerator to produce a POA&M for our government client. Then we create a mitigation for the vulnerabilities. Any help would be greatly appreciated.

1 Like

Welcome :slight_smile:

Using SonarQube for some years now, I never used an export CSV feature.
Is this a built-in function or provided by a plugin?

Using the SonarQube web API means:

- you write a script or use curl to call the relevant endpoints
- you get the JSON in response
- then it's usual JSON parsing and creating the content (CSV, PDF …)

See these threads for some snippets using Groovy.



Otherwise there are plugins:

Free (works only with SonarQube 7)


great potential, unfortunately it’s not ready yet
see this thread for details

$
the Governance plugin by SonarSource, available with Enterprise edition and higher
https://docs.sonarqube.org/latest/project-administration/portfolio-pdf-configuration/

Finally, it may even be possible to use Excel > Data from web > SonarQube URL to produce
some CSV :wink:

Gilbert
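The script-then-parse approach described in the reply above, as an added Python example that is not part of either post: it pages through `api/issues/search` for unresolved `VULNERABILITY` issues and renders them as CSV. The environment variable names (`SONAR_URL`, `SONAR_TOKEN`, `SONAR_PROJECT`), the column selection and the sample data are assumptions made for the example; without the variables set it runs offline against the constructed sample.

```python
import base64, csv, io, json, os, urllib.parse, urllib.request

FIELDS = ["key", "severity", "rule", "component", "line", "status", "message"]

def http_fetch(base_url, token, params):
    """GET api/issues/search; the user token is sent as the Basic-auth username."""
    url = f"{base_url.rstrip('/')}/api/issues/search?{urllib.parse.urlencode(params)}"
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def open_vulnerabilities(project_key, fetch, page_size=500):
    """Yield every unresolved vulnerability, following the response's paging block."""
    page = 1
    while True:
        data = fetch({"componentKeys": project_key, "types": "VULNERABILITY",
                      "resolved": "false", "ps": page_size, "p": page})
        yield from data["issues"]
        if not data["issues"] or page * page_size >= data["paging"]["total"]:
            return
        page += 1

def to_csv(issues):
    """Render issues as CSV text; a field missing from an issue (e.g. line) stays empty."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    for issue in issues:
        writer.writerow({f: issue.get(f, "") for f in FIELDS})
    return out.getvalue()

# Constructed sample responses (two pages, one issue each); not real scan output.
SAMPLE_PAGES = {
    1: {"paging": {"pageIndex": 1, "pageSize": 1, "total": 2}, "issues": [
        {"key": "constructed-1", "severity": "CRITICAL", "rule": "example:rule-1",
         "component": "demo:src/Db.java", "line": 12, "status": "OPEN",
         "message": "Hard-coded credential, rotate it."}]},
    2: {"paging": {"pageIndex": 2, "pageSize": 1, "total": 2}, "issues": [
        {"key": "constructed-2", "severity": "MAJOR", "rule": "example:rule-2",
         "component": "demo:pom.xml", "status": "OPEN", "message": "Weak cipher."}]},
}

if __name__ == "__main__":
    url, token = os.environ.get("SONAR_URL"), os.environ.get("SONAR_TOKEN")
    if url and token:  # live run: the token comes from the environment, not the script
        fetch, key, size = (lambda p: http_fetch(url, token, p)), os.environ["SONAR_PROJECT"], 500
    else:              # offline run against the constructed sample
        fetch, key, size = (lambda p: SAMPLE_PAGES[p["p"]]), "demo", 1
    print(to_csv(open_vulnerabilities(key, fetch, size)), end="")
```

The issues search returns at most the first 10,000 results for a query, so on a very large instance narrow the query (for example per project) rather than exporting everything in one pass.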