
Missing Description and CWE when importing from sonarqube

Open valentijnscholten opened this issue 6 months ago • 2 comments

Discussed in https://github.com/DefectDojo/django-DefectDojo/discussions/12539

Originally posted by nmathews24 on June 2, 2025: After we upgraded SonarQube to v2025.1.1, the sonarqube import-scan is not pulling some fields like Description and CWE in DefectDojo. It seems the htmlDesc field is not returned in the Rules object anymore with this SonarQube version, and importer.py under DefectDojo/django-DefectDojo/tree/master/dojo/tools/api_sonarqube seems to be looking for this to populate some info. Is anyone facing a similar issue and aware of any fix?

valentijnscholten avatar Jun 08 '25 10:06 valentijnscholten

Anyone aware of this issue or of a fix for this? Importing scans from Sonarqube using API is not pulling key fields like Description and CWE into Defectdojo. Any input will be helpful.

Following is the code within django-DefectDojo/dojo/tools/api_sonarqube/importer.py. The if block never gets executed now, since 'htmlDesc' is deprecated and not returned in responses with SonarQube v2025.1.1.

```python
if "htmlDesc" in rule:
    description = self.clean_rule_description_html(
        rule["htmlDesc"],
    )
    cwe = self.clean_cwe(rule["htmlDesc"])
    references = sonarqube_permalink + self.get_references(rule["htmlDesc"])
else:
    description = ""
    cwe = None
```

nmathews24 avatar Jun 10 '25 20:06 nmathews24
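As an added example (not DefectDojo's importer code and not from this thread), a defensive way to read a rule's description and CWE that does not depend on the deprecated htmlDesc field: it falls back to the newer sectioned shape of the rules response. The descriptionSections field name and both sample rule payloads are assumptions constructed here, not taken from the page.

```python
import re
from html import unescape

# Constructed sample rules (not real SonarQube output): one in the legacy
# shape carrying "htmlDesc", one in the assumed newer sectioned shape.
LEGACY_RULE = {
    "key": "java:S2076",
    "htmlDesc": "<p>OS commands built from user input can be abused.</p>"
                "<h2>See</h2><ul><li><a href=\"https://cwe.mitre.org/data/definitions/78.html\">"
                "MITRE, CWE-78</a> - Improper Neutralization of Special Elements</li></ul>",
}
SECTIONED_RULE = {
    "key": "java:S2076",
    "descriptionSections": [
        {"key": "root_cause", "content": "<p>OS commands built from user input can be abused.</p>"},
        {"key": "resources", "content": "<h2>See</h2><ul><li><a href=\"https://cwe.mitre.org/"
                                        "data/definitions/78.html\">MITRE, CWE-78</a></li></ul>"},
    ],
}

TAG_RE = re.compile(r"<[^>]+>")
CWE_RE = re.compile(r"CWE-(\d+)")


def rule_html(rule):
    """Return the rule's HTML description from whichever field is present.

    Prefers the legacy "htmlDesc"; otherwise concatenates the content of the
    assumed "descriptionSections" list; returns "" when neither exists.
    """
    if rule.get("htmlDesc"):
        return rule["htmlDesc"]
    sections = rule.get("descriptionSections") or []
    return "\n".join(s.get("content", "") for s in sections)


def html_to_text(html):
    """Strip tags first, then unescape entities, so '&lt;b&gt;' stays literal text."""
    return re.sub(r"\s+", " ", unescape(TAG_RE.sub(" ", html))).strip()


def extract_cwe(html):
    """Pick the first CWE id mentioned in the description, or None."""
    match = CWE_RE.search(html)
    return int(match.group(1)) if match else None


def parse_rule(rule):
    """Produce the description/CWE pair the importer needs, for either API shape."""
    html = rule_html(rule)
    return {"description": html_to_text(html), "cwe": extract_cwe(html)}
```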

Are you able to test and do a PR? I don't think we have access to a SonarQube (cloud) instance currently, which makes it hard or even impossible for us to work on this.

valentijnscholten avatar Jun 10 '25 21:06 valentijnscholten