kzzz1

Hello! Could someone confirm me my understanding of the sonarqube api import via adding api scan configuration? I have read that there is a sync every 3 hours. Does that sync is for the automatic pull of the sq issue to defectdojo? Like if a new sq scan is perform in my project, does dd will automatically sees it and import it?

I'm trying to generate a sonarqube report that includes both security vulnerabilities and hotpots (like the default import for the sq api import). But I see they are now in 2 differents endpoints /issues and /endpoints. Do you guys make 2 separates calls and 2 differents import to dd task in your pipeline? Does someone could show me an example of your call to sq to generate a sq report that dd can ingest? I thought of using soprasteria, but some people talking about issues with it, does someone know if its a reliable tool? Thanks a lot!

hello, I'm using the notification webhook triggered by scan_added to help our different teams to know when they have new findings in their products after importing a new scan. But all my 'duplicates' findings are in the 'new' field in the webhook. How do we only get the real 'new' findings in the webhook?