Wednesday, 14 October 2020

More on SonarQube - RESTing on my laurels

 Following on from earlier posts: -

Tinkering with SonarQube for code-scanning shell scripts ...

More about SonarQube and scanning Java source code ....

I wanted to dig into the REST APIs that SonarQube provides, even with the freely available Community Edition ...


Noting that SQ happily lists out the various APIs that it supports, from the SQ box itself: -

http://192.168.1.111:9000/web_api/

I had a quick poke using curl and jq as follows: -

curl -s -X GET http://localhost:9000/api/issues/search | jq

    },

    {

      "key": "AXUceByf15xDyMB2TTL0",

      "rule": "java:S106",

      "severity": "MAJOR",

      "component": "com.mycompany.app:my-app:src/main/java/com/mycompany/app/SimpleSSLSocket.java",

      "project": "com.mycompany.app:my-app",

      "line": 102,

      "hash": "fee0b4af1274e112d02a55aa3fea0f44",

      "textRange": {

        "startLine": 102,

        "endLine": 102,

        "startOffset": 8,

        "endOffset": 18

      },

      "flows": [],

      "status": "OPEN",

      "message": "Replace this use of System.out or System.err by a logger.",

      "effort": "10min",

      "debt": "10min",

      "tags": [

        "bad-practice",

        "cert"

      ],


curl -s -X GET http://localhost:9000/api/issues/search | jq '.issues[] | select (.status=="OPEN")'

{

  "key": "AXUceByf15xDyMB2TTLw",

  "rule": "java:S1186",

  "severity": "CRITICAL",

  "component": "com.mycompany.app:my-app:src/main/java/com/mycompany/app/SimpleSSLSocket.java",

  "project": "com.mycompany.app:my-app",

  "line": 188,

  "hash": "5875de20b745c311e5d2270428e9c665",

  "textRange": {

    "startLine": 188,

    "endLine": 188,

    "startOffset": 16,

    "endOffset": 27

  },

  "flows": [],

  "status": "OPEN",

  "message": "Add a nested comment explaining why this method is empty, throw an UnsupportedOperationException or complete the implementation.",

  "effort": "5min",

  "debt": "5min",

  "tags": [

    "suspicious"

  ],

  "creationDate": "2020-10-12T11:00:16+0000",

  "updateDate": "2020-10-12T11:00:16+0000",

  "type": "CODE_SMELL",

  "organization": "default-organization",

  "scope": "MAIN"

}

curl -s -k -X GET http://localhost:9000/api/project_analyses/search?project=DaveSQJava | jq


{

  "paging": {

    "pageIndex": 1,

    "pageSize": 100,

    "total": 4

  },

  "analyses": [

    {

      "key": "AXUnCZ9lsYjbQLEaXKVY",

      "date": "2020-10-14T12:15:36+0000",

      "events": [

        {

          "key": "AXUnCaXisYjbQLEaXKYc",

          "category": "VERSION",

          "name": "not provided"

        }

      ],

      "projectVersion": "not provided",

      "manualNewCodePeriodBaseline": false

    },

    {

      "key": "AXUmhs5wsYjbQLEaXKSN",

      "date": "2020-10-14T09:52:42+0000",

      "events": [

        {

          "key": "AXUmhtX1sYjbQLEaXKVR",

          "category": "QUALITY_GATE",

          "name": "Green (was Red)",

          "description": ""

        }

      ],

      "projectVersion": "not provided",

      "manualNewCodePeriodBaseline": false

    },

    {

      "key": "AXUmgJU7sYjbQLEaXKO8",

      "date": "2020-10-14T09:45:54+0000",

      "events": [],

      "projectVersion": "not provided",

      "manualNewCodePeriodBaseline": false

    },

    {

      "key": "AXUcx98215xDyMB2TTWV",

      "date": "2020-10-12T12:27:34+0000",

      "events": [

        {

          "key": "AXUcx-Wc15xDyMB2TTZi",

          "category": "QUALITY_GATE",

          "name": "Red (was Green)",

          "description": "Reliability Rating on New Code > 1"

        },

        {

          "key": "AXUcx-Wd15xDyMB2TTZj",

          "category": "QUALITY_PROFILE",

          "name": "Use 'FindBugs Security JSP' (JSP)"

        }

      ],

      "projectVersion": "not provided",

      "manualNewCodePeriodBaseline": false

    }

  ]

}

curl -s -k -X GET http://localhost:9000/api/project_analyses/search?project=DaveSQJava | jq '.analyses[].events'

[

  {

    "key": "AXUnCaXisYjbQLEaXKYc",

    "category": "VERSION",

    "name": "not provided"

  }

]

[

  {

    "key": "AXUmhtX1sYjbQLEaXKVR",

    "category": "QUALITY_GATE",

    "name": "Green (was Red)",

    "description": ""

  }

]

[]

[

  {

    "key": "AXUcx-Wc15xDyMB2TTZi",

    "category": "QUALITY_GATE",

    "name": "Red (was Green)",

    "description": "Reliability Rating on New Code > 1"

  },

  {

    "key": "AXUcx-Wd15xDyMB2TTZj",

    "category": "QUALITY_PROFILE",

    "name": "Use 'FindBugs Security JSP' (JSP)"

  }

]

curl -s -k -X GET http://localhost:9000/api/project_analyses/search?project=DaveSQJava | jq '.analyses[].events[] | select(.name|startswith("Red"))'

{

  "key": "AXUcx-Wc15xDyMB2TTZi",

  "category": "QUALITY_GATE",

  "name": "Red (was Green)",

  "description": "Reliability Rating on New Code > 1"

}

curl -s -k -X GET http://localhost:9000/api/project_analyses/search?project=DaveSQJava | jq '.analyses[].events[] | select(.name|startswith("Green"))'

{

  "key": "AXUmhtX1sYjbQLEaXKVR",

  "category": "QUALITY_GATE",

  "name": "Green (was Red)",

  "description": ""

}

No comments:

Reminder - installing podman and skopeo on Ubuntu 22.04

This follows on from: - Lest I forget - how to install pip on Ubuntu I had reason to install podman  and skopeo  on an Ubuntu box: - lsb_rel...