Hey there, let's break this down step by step since you're using SonarQube 6.7.1 (a solid LTS version!)—first, we'll fix that API issue, then cover how to store those stats in a time-series database.

First: The Correct API Endpoint #

Your initial URL pointed to api/metrics, which only lists all available metrics in SonarQube—not project-specific data. For the stats you need, use the api/measures/component endpoint instead. Here's a valid GET request:

GET http://sonar-server:9000/api/measures/component?component=YOUR_PROJECT_KEY&metrics=bugs,vulnerabilities,duplicated_lines_density,coverage

Key Details: #

• Replace YOUR_PROJECT_KEY with your actual project key (find this in your SonarQube project dashboard URL—e.g., if the URL is http://sonar-server:9000/dashboard?id=my-ecommerce-app, the key is my-ecommerce-app).
• The metrics parameter explicitly specifies the data you want:
  • bugs: Total bug count
  • vulnerabilities: Total vulnerability count
  • duplicated_lines_density: Code duplication rate (as a percentage)
  • coverage: Code coverage percentage
• Authentication: If your SonarQube instance requires login, create a token under My Account > Security, then pass it via the request header:

  Authorization: Basic <base64-encoded-token>
  

  (Note: Encode just your token followed by a colon—e.g., my-sonar-token: becomes a base64 string for the header.)

The response will include a component object with a measures array, where each entry has the metric name and its corresponding value—easy to parse for your needs.

Implementing Storage in a Time-Series Database #

Storing these stats over time is straightforward. Here's a practical workflow:

Step 1: Automate Data Fetching #

Write a simple script (Python, Bash, etc.) to pull and parse the API data. For example, a Python snippet using requests:

import requests

sonar_url = "http://sonar-server:9000/api/measures/component"
params = {
    "component": "my-ecommerce-app",
    "metrics": "bugs,vulnerabilities,duplicated_lines_density,coverage"
}
headers = {"Authorization": "Basic <your-base64-token>"}

response = requests.get(sonar_url, params=params, headers=headers)
data = response.json()

# Extract clean values
metrics = {entry["metric"]: entry["value"] for entry in data["component"]["measures"]}
bug_count = int(metrics["bugs"])
vuln_count = int(metrics["vulnerabilities"])
dupe_rate = float(metrics["duplicated_lines_density"])
coverage_pct = float(metrics["coverage"])

Step 2: Write to Your Time-Series Database #

Depending on your choice of DB (InfluxDB, Prometheus, TimescaleDB):

• InfluxDB: Use its HTTP API to write timestamped points. Example curl command:

  curl -i -XPOST "http://influxdb-server:8086/write?db=sonar_stats" --data-binary "sonar_metrics,project=my-ecommerce-app bugs=$bug_count,vulnerabilities=$vuln_count,duplication_rate=$dupe_rate,coverage=$coverage_pct $(date +%s%N)"
  

• Prometheus: Build a lightweight exporter script that exposes these metrics as Prometheus-compatible endpoints, then configure Prometheus to scrape it at your desired interval.
• TimescaleDB: Use a SQL INSERT statement from your script to add a row with a timestamp and the 4 metrics to a pre-created table.

Step 3: Schedule Regular Runs #

• Use cron (Linux/macOS) or Task Scheduler (Windows) to run your script on a schedule (e.g., daily, after every CI/CD build).
• Alternatively, integrate the fetch-and-store step into your CI/CD pipeline (Jenkins, GitLab CI, etc.) so stats are captured automatically every time you run a SonarQube analysis.

A quick heads-up: SonarQube 6.7.1 is an older LTS, so stick to version-specific docs if you need to dig deeper—most core API behavior holds, but some edge cases might differ from newer versions.

内容的提问来源于stack exchange，提问作者Lav