which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube = sonarqube-developer-8.4.1.35646
Scanner = sonar-scanner-4.4.0.2170-windows
what are you trying to achieve
I want to collect reports from the C++ scanning results
what have you tried so far to achieve this
I’ve read the web pages provided from the Web API link
What is the URI for the web services?
How can I obtain the user token for the web authentication?
Here is what I’ve read.
User Token
Each user has the ability to generate tokens that can be used to run analyses or invoke web services without access to the user’s actual credentials.
How to Generate a Token
To generate a token, to go User > My Account > Security . Your existing tokens are listed here, each with a Revoke button.
==> Where can I find this option?
The form at the bottom of the page allows you to generate new tokens. Once you click the Generate button, you will see the token value. Copy it immediately; once you dismiss the notification you will not be able to retrieve it.
you described the path correctly. On the top right there is your user profile picture and when you click on it it will open a drop down menu where you can find the option “My Account”.
That path is used for the user tokens which are for specific projects. And I have no questions about it.
Here is the full story. I was able to set up SonarQube (Developer Edition). It is up and running. I was able to scan several C++ projects. And now I try to see if SonarQube can produce any type of reports from the scanning results. The reports will be used as input to Vulnerator which can convert to some formats that are accepted by the government.
I’ve posted this question on this community channel and Massimo told me to try the web API. I’ve read almost everything that those web pages can provide but could not find any required URL for the web services. And for web service authentication, it would require a user token. Is it correct?
I’ve seen a bunch of .pb files produced in a sub-folder named scanner-report and I wonder how I can view them. Can they be converted to any kind of report?
I really appreciate your assistance due to the time constraint of a trial license I’ve had. It will expire in several days and I have to do all the evaluations before my company can decide to purchase this service.
Okay so just to recap your question is more about how to extract some metrics from sonarqube and how to authenticate against the web api?
the easy part first: yes you will need a user token in order to authenticate against the api. you can find some samples how to use the authentication in our documentation.
how to extract some metrics depends on what metrics you want. you could for example use something like this:
The $DATE should be in YYYY-MM-DD format and the component key can be extracted from your project.
Documentation about this api endpoint is baked into your sonarqube installation: sq-url/web_api/api/measures?query=measures%2Fsearch_history
if you want to have a more human friendly output there is also the possibility to generate a pdf export for portfolio views in the enterprise edition ($$).
For experiment purposes, I’ve executed the following statement. Note that I’ve used one of my tokens that are generated by SonarQube for my C++ projects.
$SONARCLOUD_TOKEN should be your generated token SONARQUBE_FQDN is the fully qualified domain name of your sonarqube instance (e.g. sonarqube.your-company.com/sonar) $COMPONENT_KEY is the component key of the project you want to extract the metrics from. you can extract this via the “project information” tab in your sonarqube projects web ui.
i highly doubt that you can get anything from the .pb files tbh.
as for your curl command: you need to target your instance. a curl against our page will not give you much
and got this error message returned
{“errors”:[{“msg”:“The ‘component’ parameter is missing”}]}‘component’ is not recognized as an internal or external command,
operable program or batch file.
‘metrics’ is not recognized as an internal or external command,
operable program or batch file.
‘ps’ is not recognized as an internal or external command,
operable program or batch file.
Please check with your network team on the proxy port and settings. Ideally, you should use environment variables instead of having to expose your username and password like this. Here’s one article you read: