SonarQube Result-Writer fails: SonarQube-WebApi allows to request for a maximum of 10000 issues only

[l34d51n63r]

The WriteFiles-Class fails, as SonarQube only allows to request for a maximum of 10000 issues. This could be fixed by building the request with the rules-parameter (&rules=squid:XXX), which will give us only the relevant issues. (SonarQube version 6.2)

[davewichers]

Thanks for reporting. Another Benchmark user reported the same issue this week, along with some other details as we got farther along that we need to investigate, fix, and push out for SonarQube.

[minshi123]

hi, any progress here:-? (same questions.)

[davewichers]

FYI. The SonarQube support in Benchmark is so old as to be fundamentally broken I suspect. Need to rewrite how this works. Ideally, SonarQube can simply export an XML results file now, and we can write a parser for it, like all the other tools. If anyone knows that SonarQube can export a results file, please explain how, and send me a Benchmark results file for SonarQube and I'm happy to write a parser for it. (Or you could do it yourself and submit a pull request :-) ).

[magussiro]

HI
I am trying to parsing SonarQubeJava rules sets to cwe, but i found the cwelookup method only transfer squid to cwe one on one, if there have easyway to parse SonarQubeJava rules sets?

here is the order sets
https://pastebin.com/r2SDQRzj

ref:

src/main/java/org/owasp/benchmark/score/parsers/SonarQubeReader.java

https://github.com/SonarSource/sonar-java/tree/35e70591626e1b27bb059f795dda0327c02a09d3/java-checks/src/main/resources/org/sonar/l10n/java/rules/squid

[davewichers]

@darkspirit510 - Have you fixed this issue too?