Menu
After every sonar scan we can see the list of newly added issues in both portal and Scan logs like shown below. Iam able to get the list of newly added issues using the Rest API
http://localhost:9000/api/issues/search?createdAfter=2015-08-15
Here we can see 18 Major issues have been fixed , and being shown in green. Is there any way to find out the list of fixed issues in a particular scan. Using API or any other approach
[sonar:sonar] 07:06:13.946 INFO - ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/ICDP_NOV_2015
[sonar:sonar] 07:06:14.012 INFO - Executing post-job class org.sonar.issuesreport.ReportJob
[sonar:sonar] 07:06:21.327 INFO - HTML Issues Report generated: /hosting/workspace/Sonar_20151102/make/sonar_deploy/.sonar/issues-report/issues-report.html
[sonar:sonar] 07:06:21.494 INFO - Light HTML Issues Report generated: /hosting/workspace/Sonar_20151102/make/sonar_deploy/.sonar/issues-report/issues-report-light.html
[sonar:sonar] 07:06:21.497 INFO -
[sonar:sonar]
[sonar:sonar] ------------- Issues Report -------------
[sonar:sonar]
[sonar:sonar] +27 issues
[sonar:sonar]
[sonar:sonar] +20 major
[sonar:sonar] +7 minor
[sonar:sonar]
[sonar:sonar] -------------------------------------------
[sonar:sonar]
[sonar:sonar]
[sonar:sonar] 07:06:21.497 INFO - Executing post-job class org.sonar.plugins.issueassign.notification.SendIssueNotificationsPostJob
[sonar:sonar] 07:06:21.902 INFO - Executing post-job class org.sonar.plugins.core.issue.notification.SendIssueNotificationsPostJob
[sonar:sonar] 07:06:22.361 INFO - Executing post-job class org.sonar.pl
847
There are three types of issues: Bug – A coding mistake that can lead to an error or unexpected behavior at runtime. Vulnerability – A point in your code that's open to attack. Code Smell – A maintainability issue that makes your code confusing and difficult to maintain.
Blocker and Critical Issues - Blocker issues have a high probability to impact the behavior of the application in production: memory leak, unclosed JDBC connection, .... The code MUST be immediately fixed.
Issues are automatically closed (status: Closed) when: an issue (of any status) has been properly fixed => Resolution: Fixed. an issue no longer exists because the related coding rule has been deactived or is no longer available (ie: plugin has been removed) => Resolution: Removed.
There is one possible way of doing that, but not the best way
Once you call http://localhost:9000/api/issues/search and you will get an array like below,
{
"paging":{
"pageIndex":1,
"pageSize":100,
"total":1
},
"issues":[
{
"key":"01fc972e-2a3c-433e-bcae-0bd7f88f5123",
"component":"com.github.kevinsawicki:http-request:com.github.kevinsawicki.http.HttpRequest",
"project":"com.github.kevinsawicki:http-request",
"rule":"checkstyle:com.puppycrawl.tools.checkstyle.checks.coding.MagicNumberCheck",
"status":"RESOLVED",
"resolution":"FALSE-POSITIVE",
"severity":"MINOR",
"message":"'3' is a magic number.",
"line":530,
"textRange":{
"startLine":81,
"endLine":81,
"startOffset":0,
"endOffset":134
},
"author":"Developer 1",
"effort":"2h1min",
"creationDate":"2013-05-13T17:55:39+0200",
"updateDate":"2013-05-13T17:55:39+0200",
"tags":[
"bug"
],
"type":"RELIABILITY",
"comments":[
{
"key":"7d7c56f5-7b5a-41b9-87f8-36fa70caa5ba",
"login":"john.smith",
"htmlText":"Must be "final"!",
"markdown":"Must be \"final\"!",
"updatable":false,
"createdAt":"2013-05-13T18:08:34+0200"
}
],
"attr":{
"jira-issue-key":"SONAR-1234"
},
"transitions":[
"unconfirm",
"resolve",
"falsepositive"
],
"actions":[
"comment"
]
}
],
"components":[
{
"key":"com.github.kevinsawicki:http-request:src/main/java/com/github/kevinsawicki/http/HttpRequest.java",
"enabled":true,
"qualifier":"FIL",
"name":"HttpRequest.java",
"longName":"src/main/java/com/github/kevinsawicki/http/HttpRequest.java",
"path":"src/main/java/com/github/kevinsawicki/http/HttpRequest.java"
},
{
"key":"com.github.kevinsawicki:http-request",
"enabled":true,
"qualifier":"TRK",
"name":"http-request",
"longName":"http-request"
}
],
"rules":[
{
"key":"checkstyle:com.puppycrawl.tools.checkstyle.checks.coding.MagicNumberCheck",
"name":"Magic Number",
"status":"READY",
"lang":"java",
"langName":"Java"
}
],
"users":[
{
"login":"admin",
"name":"Administrator",
"active":true,
"email":"[email protected]"
}
]
}
What you can do is read all the objects and check the updated date ("updateDate":"2013-05-13T17:55:39+0200") is greater than your analysis date (which you can get by SonrQube webHooks). Then read the status as well to check the issue is fixed ("status":"RESOLVED")
Once an issue is fixed the "updateDate" variable will be updated.
when you call the API http://localhost:9000/api/issues/search you can use the parameter statuses=RESOLVED,CLOSED if you want only the fixed issues. You can add this parameter to reduce the number of results you get and optimize your process.
Refer https://codeen-app.euclid-ec.org/sonar/web_api/api/issues for more details.
148
That's not yet possible to track the remediated technical debt. You can only track for the time being the new technical debt.
28
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
