Web API: bug in api/components/tree in reporting project visibility


Hello!! I found this bug when I was trying to find out the Project visibility of all the projects under each portfolio.

Version Used: SonarQube Enterprise Edition 8.9.2 LTS

Details: When listing all the projects under a portfolio, regardless of the project true visibility(private or public) the portfolio visibility is show by default for all the projects.

For example: If a private portfolio xyz has 10 projects and 5 of them are public and 5 are private, all project visibility is show as private. vice versa for public portfolio too.

Steps to Reproduce

  • Create a portfolio and add 2 or more projects to the portfolio
  • Make few of these projects as private
  • Use postman or any other tool and execute https://sonarqube.company.com/api/components/tree?component=portfolio-name
  • Verify the project visibility reported.
  • You can change the portfolio to private now and rerun the above 2 steps.

Thank you

Hi Sagar,

Thanks for this report. We’ve actually known about this for a while. Perhaps your report will help bring some movement.


Hi @ganncamp

I know the feature you mentioned is being released in 9.x. But the above one is a bug in the existing API. The output is dependent on the portfolio visibility status and not the true visibility of the project.