Generating a SonarQube SAST Report
This guide walks you through running a Python script that downloads your SonarQube vulnerability SAST report as a JSON file that can be submitted to Mobb. The script works for both SonarCloud (SaaS) and SonarQube (on-premise).
You must have Python installed in your environment. If you don't have Python installed, install it from the Python download site.
You will need to run the script via your terminal or command prompt.
Download the sonarqube_download_report.py
script from .
SONARQUBE_HOST_URL
    Example values: https://sonarcloud.io or http://localhost:9000
SONARQUBE_TOKEN
    Generate this token at by following the instruction
SONARQUBE_ORG
    Your SonarCloud Org ID. If you are using SonarQube, enter none
SONARQUBE_PROJECT
    Your SonarQube project key
BRANCH
    The branch name. For example: main
REPORT_PATH
    Name of the output report. For example: sonar_report.json
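A pre-flight check of the six values above, as an added example that is not part of the Mobb script. It assumes the values are exported as environment variables under the names listed; the function name `check_settings` and the specific rules (HTTPS for non-local hosts, `none` as the org for SonarQube) are this example's own.

```python
import os
from urllib.parse import urlsplit

REQUIRED = ("SONARQUBE_HOST_URL", "SONARQUBE_TOKEN", "SONARQUBE_ORG",
            "SONARQUBE_PROJECT", "BRANCH", "REPORT_PATH")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def check_settings(cfg):
    """Return a list of problems found in the six settings; empty means OK."""
    problems = [f"{n} is not set" for n in REQUIRED if not cfg.get(n, "").strip()]
    if problems:
        return problems
    try:
        url = urlsplit(cfg["SONARQUBE_HOST_URL"].strip())
        host = (url.hostname or "").lower()
    except ValueError:
        return ["SONARQUBE_HOST_URL is not a valid URL"]

    if url.scheme not in ("http", "https") or not host:
        problems.append("SONARQUBE_HOST_URL must be an http(s) URL")
    elif url.scheme == "http" and host not in LOCAL_HOSTS:
        # The token is a bearer credential; plain HTTP exposes it in transit.
        problems.append("SONARQUBE_HOST_URL uses http for a non-local host")
    if url.username or url.password:
        problems.append("SONARQUBE_HOST_URL must not embed credentials")

    org = cfg["SONARQUBE_ORG"].strip().lower()
    is_cloud = host == "sonarcloud.io" or host.endswith(".sonarcloud.io")
    if is_cloud and org == "none":
        problems.append("SONARQUBE_ORG is 'none' but the host is SonarCloud")
    if host and not is_cloud and org != "none":
        problems.append("SONARQUBE_ORG should be 'none' for SonarQube")

    if not cfg["REPORT_PATH"].lower().endswith(".json"):
        problems.append("REPORT_PATH should end in .json")
    return problems


if __name__ == "__main__":
    # Assumption: the six values are exported as environment variables.
    issues = check_settings(os.environ)
    for issue in issues:
        print("config problem:", issue)
    raise SystemExit(1 if issues else 0)
```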