Wednesday 14 October 2020

More on SonarQube - RESTing on my laurels

 Following on from earlier posts: -

Tinkering with SonarQube for code-scanning shell scripts ...

More about SonarQube and scanning Java source code ....

I wanted to dig into the REST APIs that SonarQube provides, even with the freely available Community Edition ...


Noting that SQ happily lists out the various APIs that it supports, from the SQ box itself: -

http://192.168.1.111:9000/web_api/

I had a quick poke using curl and jq as follows: -

curl -s -X GET http://localhost:9000/api/issues/search | jq

    },

    {

      "key": "AXUceByf15xDyMB2TTL0",

      "rule": "java:S106",

      "severity": "MAJOR",

      "component": "com.mycompany.app:my-app:src/main/java/com/mycompany/app/SimpleSSLSocket.java",

      "project": "com.mycompany.app:my-app",

      "line": 102,

      "hash": "fee0b4af1274e112d02a55aa3fea0f44",

      "textRange": {

        "startLine": 102,

        "endLine": 102,

        "startOffset": 8,

        "endOffset": 18

      },

      "flows": [],

      "status": "OPEN",

      "message": "Replace this use of System.out or System.err by a logger.",

      "effort": "10min",

      "debt": "10min",

      "tags": [

        "bad-practice",

        "cert"

      ],


curl -s -X GET http://localhost:9000/api/issues/search | jq '.issues[] | select (.status=="OPEN")'

{

  "key": "AXUceByf15xDyMB2TTLw",

  "rule": "java:S1186",

  "severity": "CRITICAL",

  "component": "com.mycompany.app:my-app:src/main/java/com/mycompany/app/SimpleSSLSocket.java",

  "project": "com.mycompany.app:my-app",

  "line": 188,

  "hash": "5875de20b745c311e5d2270428e9c665",

  "textRange": {

    "startLine": 188,

    "endLine": 188,

    "startOffset": 16,

    "endOffset": 27

  },

  "flows": [],

  "status": "OPEN",

  "message": "Add a nested comment explaining why this method is empty, throw an UnsupportedOperationException or complete the implementation.",

  "effort": "5min",

  "debt": "5min",

  "tags": [

    "suspicious"

  ],

  "creationDate": "2020-10-12T11:00:16+0000",

  "updateDate": "2020-10-12T11:00:16+0000",

  "type": "CODE_SMELL",

  "organization": "default-organization",

  "scope": "MAIN"

}

curl -s -k -X GET http://localhost:9000/api/project_analyses/search?project=DaveSQJava | jq


{

  "paging": {

    "pageIndex": 1,

    "pageSize": 100,

    "total": 4

  },

  "analyses": [

    {

      "key": "AXUnCZ9lsYjbQLEaXKVY",

      "date": "2020-10-14T12:15:36+0000",

      "events": [

        {

          "key": "AXUnCaXisYjbQLEaXKYc",

          "category": "VERSION",

          "name": "not provided"

        }

      ],

      "projectVersion": "not provided",

      "manualNewCodePeriodBaseline": false

    },

    {

      "key": "AXUmhs5wsYjbQLEaXKSN",

      "date": "2020-10-14T09:52:42+0000",

      "events": [

        {

          "key": "AXUmhtX1sYjbQLEaXKVR",

          "category": "QUALITY_GATE",

          "name": "Green (was Red)",

          "description": ""

        }

      ],

      "projectVersion": "not provided",

      "manualNewCodePeriodBaseline": false

    },

    {

      "key": "AXUmgJU7sYjbQLEaXKO8",

      "date": "2020-10-14T09:45:54+0000",

      "events": [],

      "projectVersion": "not provided",

      "manualNewCodePeriodBaseline": false

    },

    {

      "key": "AXUcx98215xDyMB2TTWV",

      "date": "2020-10-12T12:27:34+0000",

      "events": [

        {

          "key": "AXUcx-Wc15xDyMB2TTZi",

          "category": "QUALITY_GATE",

          "name": "Red (was Green)",

          "description": "Reliability Rating on New Code > 1"

        },

        {

          "key": "AXUcx-Wd15xDyMB2TTZj",

          "category": "QUALITY_PROFILE",

          "name": "Use 'FindBugs Security JSP' (JSP)"

        }

      ],

      "projectVersion": "not provided",

      "manualNewCodePeriodBaseline": false

    }

  ]

}

curl -s -k -X GET http://localhost:9000/api/project_analyses/search?project=DaveSQJava | jq '.analyses[].events'

[

  {

    "key": "AXUnCaXisYjbQLEaXKYc",

    "category": "VERSION",

    "name": "not provided"

  }

]

[

  {

    "key": "AXUmhtX1sYjbQLEaXKVR",

    "category": "QUALITY_GATE",

    "name": "Green (was Red)",

    "description": ""

  }

]

[]

[

  {

    "key": "AXUcx-Wc15xDyMB2TTZi",

    "category": "QUALITY_GATE",

    "name": "Red (was Green)",

    "description": "Reliability Rating on New Code > 1"

  },

  {

    "key": "AXUcx-Wd15xDyMB2TTZj",

    "category": "QUALITY_PROFILE",

    "name": "Use 'FindBugs Security JSP' (JSP)"

  }

]

curl -s -k -X GET http://localhost:9000/api/project_analyses/search?project=DaveSQJava | jq '.analyses[].events[] | select(.name|startswith("Red"))'

{

  "key": "AXUcx-Wc15xDyMB2TTZi",

  "category": "QUALITY_GATE",

  "name": "Red (was Green)",

  "description": "Reliability Rating on New Code > 1"

}

curl -s -k -X GET http://localhost:9000/api/project_analyses/search?project=DaveSQJava | jq '.analyses[].events[] | select(.name|startswith("Green"))'

{

  "key": "AXUmhtX1sYjbQLEaXKVR",

  "category": "QUALITY_GATE",

  "name": "Green (was Red)",

  "description": ""

}

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Visual Studio Code - Wow 🙀

Why did I not know that I can merely hit [cmd] [p]  to bring up a search box allowing me to search my project e.g. a repo cloned from GitHub...