About behavior in SonarQube API Import #11960

thedoom13 opened this issue Mar 6, 2025 · 2 comments

Problem description
I'm using the SonarQube API Import with branch_tag and always receive a result with Total: 0 Findings, even when the branch does not exist in SonarQube. Is this the expected behavior?

Steps to reproduce
I followed the instructions here: https://docs.defectdojo.com/en/connecting_your_tools/parsers/api/sonarqube/

Expected behavior
I think the SonarQube API Import test should not appear.

Deployment method

  • Docker Compose
  • Kubernetes
  • GoDojo

Environment information

  • Operating System: Ubuntu 22.04
  • Docker Compose version v2.27.0
  • DefectDojo version: 2.44.0

Logs

    [pid: 37|app: -|req: -/-] {My IP} (-) {54 vars in 904 bytes} [Thu Mar 6 02:31:00 2025] GET /api/v2/tests/?title=SonarQube%20API%20Import&engagement=58 => generated 66 bytes in 29 msecs (HTTP/1.1 200) 8 headers in 245 bytes (1 switches on core 0)
    [06/Mar/2025 02:31:01] ERROR [dojo.tools.api_sonarqube.importer:206] SonarQube API import issue
    Traceback (most recent call last):
      File "/app/dojo/tools/api_sonarqube/importer.py", line 114, in import_issues
        component = client.get_project(
                    ^^^^^^^^^^^^^^^^^^^
      File "/app/dojo/tools/api_sonarqube/api_client.py", line 133, in get_project
        raise Exception(msg)
    Exception: Unable to find the project {My SonarQube Project} due to 404 - {"errors":[{"msg":"Component \u0027{My SonarQube Project}\u0027 on branch \u00271631/merge\u0027 not found"}]}
    [06/Mar/2025 02:31:01] ERROR [dojo.tools.api_sonarqube.importer:327] SonarQube API import issue
    Traceback (most recent call last):
      File "/app/dojo/tools/api_sonarqube/importer.py", line 230, in import_hotspots
        component = client.get_project(
                    ^^^^^^^^^^^^^^^^^^^
      File "/app/dojo/tools/api_sonarqube/api_client.py", line 133, in get_project
        raise Exception(msg)
    Exception: Unable to find the project {My SonarQube Project} due to 404 - {"errors":[{"msg":"Component \u0027{My SonarQube Project}\u0027 on branch \u00271631/merge\u0027 not found"}]}

Additional context
I came across this Pull Request, and it seems like the logic has changed. Previously, items would not be returned if an exception occurred.
Should it be modified to:

        else:
            return items

Is this correct?

kiblik (Contributor) commented Mar 6, 2025

Based on SQ response {"errors":[{"msg":"Component \u0027{My SonarQube Project}\u0027 on branch \u00271631/merge\u0027 not found"}]}, your project name in SQ is {My SonarQube Project} and branch name is 1631/merge. Is this correct?

thedoom13 (Author) commented Mar 7, 2025

> Based on SQ response {"errors":[{"msg":"Component \u0027{My SonarQube Project}\u0027 on branch \u00271631/merge\u0027 not found"}]}, your project name in SQ is {My SonarQube Project} and branch name is 1631/merge. Is this correct?

Hi @kiblik,
{My SonarQube Project} is just a placeholder to hide the actual project key.
The project does exist in SonarQube, but the branch 1631/merge does not.
In version 2.43.0, the SonarQube API Import test will not exist in DefectDojo if this branch is not present in SonarQube.
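
The control-flow question raised under "Additional context", as an added sketch that is not DefectDojo's code and not part of the thread: it contrasts an importer that returns its list after a logged lookup failure with one that returns only from the `else` branch. Every name here (`get_project`, `ProjectNotFound`, `record_test`, the logger name) is hypothetical, and the caller that treats `None` as a failed import is an assumption.

```python
import logging

logger = logging.getLogger("sketch.api_sonarqube")  # hypothetical logger name


class ProjectNotFound(Exception):
    """Stand-in for the 404 'Component ... on branch ... not found' error."""


def get_project(project_key, branch, known_branches):
    # Hypothetical client: raises when the branch is unknown, like the logged 404.
    if branch not in known_branches:
        raise ProjectNotFound(f"{project_key}: branch {branch!r} not found")
    return {"key": project_key, "branch": branch}


def import_issues_always_return(project_key, branch, known_branches):
    """Logs the failure, then falls through to the shared return."""
    items = []
    try:
        component = get_project(project_key, branch, known_branches)
        items.append(f"issue in {component['key']}@{component['branch']}")
    except ProjectNotFound:
        logger.error("SonarQube API import issue", exc_info=True)
    return items  # reached after success AND after a failed lookup


def import_issues_else_return(project_key, branch, known_branches):
    """Returns items only from the else branch, as proposed in the issue."""
    items = []
    try:
        component = get_project(project_key, branch, known_branches)
        items.append(f"issue in {component['key']}@{component['branch']}")
    except ProjectNotFound:
        logger.error("SonarQube API import issue", exc_info=True)
    else:
        return items
    # Implicit None here: "import failed" stays distinct from "no findings".


def record_test(importer, project_key, branch, known_branches):
    """Constructed caller (assumption): treats None as a failed import."""
    items = importer(project_key, branch, known_branches)
    if items is None:
        return None  # no test recorded
    return {"title": "SonarQube API Import", "findings": len(items)}
```

With the first variant a missing branch is indistinguishable from a clean scan, which is how a failed import can surface as a test with 0 findings.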
