search: Search for a collection of relevant rules matching a specified query
API: sonarcloud.io:sonarqube
Endpoint: /api/rules/search
Response format: application/json
Auth: unknown
Method: GET
Last Status:
404
Latency: 496ms
Description
Search for a collection of relevant rules matching a specified query. Since 5.5, following fields in the response have been deprecated : - "effortToFixDescription" becomes "gapDescription"- "debtRemFnCoeff" becomes "remFnGapMultiplier"- "defaultDebtRemFnCoeff" becomes "defaultRemFnGapMultiplier"- "debtRemFnOffset" becomes "remFnBaseEffort"- "defaultDebtRemFnOffset" becomes "defaultRemFnBaseEffort"- "debtOverloaded" becomes "remFnOverloaded"
Parameters (33)
activation
(string, query, optional)
Filter rules that are activated or deactivated on the selected Quality profile. Ignored if the parameter 'qprofile' is not set.
Constraints: {'enum': ['true', 'false', 'yes', 'no']}
active_severities
(string, query, optional)
Comma-separated list of activation severities, i.e the severity of rules in Quality profiles.
Constraints: {'enum': ['INFO', 'MINOR', 'MAJOR', 'CRITICAL', 'BLOCKER']}
asc
(string, query, optional, default: true)
Ascending sort
Constraints: {'enum': ['true', 'false', 'yes', 'no']}
available_since
(string, query, optional)
Filters rules added since date. Format is yyyy-MM-dd
cleanCodeAttributeCategories
(string, query, optional)
Comma-separated list of Clean Code Attribute Categories
Constraints: {'enum': ['ADAPTABLE', 'CONSISTENT', 'INTENTIONAL', 'RESPONSIBLE']}
complianceStandards
(string, query, optional)
Set of compliance standards to filter on. Categories within a standard are comma-separated and behave as an 'or'. Multiple standards are separated by an ampersand and behave as an 'and'.
cwe
(string, query, optional)
Comma-separated list of CWE identifiers. Use 'unknown' to select rules not associated to any CWE.
f
(string, query, optional)
Comma-separated list of the fields to be returned in response. All the fields are returned by default, except actives.Since 5.5, following fields have been deprecated : - "defaultDebtRemFn" becomes "defaultRemFn"- "debtRemFn" becomes "remFn"- "effortToFixDescription" becomes "gapDescription"- "debtOverloaded" becomes "remFnOverloaded"
Constraints: {'enum': ['actives', 'cleanCodeAttribute', 'createdAt', 'debtOverloaded', 'debtRemFn', 'defaultDebtRemFn', 'defaultRemFn', 'deprecatedKeys', 'descriptionSections', 'educationPrinciples', 'effortToFixDescription', 'gapDescription', 'htmlDesc', 'htmlNote', 'impacts', 'internalKey', 'isExternal', 'isTemplate', 'lang', 'langName', 'mdDesc', 'mdNote', 'name', 'noteLogin', 'params', 'remFn', 'remFnOverloaded', 'repo', 'scope', 'securityStandards', 'severity', 'status', 'sysTags', 'tags', 'templateKey', 'updatedAt']}
facets
(string, query, optional)
Comma-separated list of the facets to be computed. No facet is computed by default.
Constraints: {'enum': ['languages', 'repositories', 'tags', 'severities', 'active_severities', 'statuses', 'types', 'true', 'cwe', 'owaspMobileTop10-2024', 'owaspTop10', 'owaspTop10-2021', 'sonarsourceSecurity', 'cleanCodeAttributeCategories', 'impactSeverities', 'impactSoftwareQualities', 'complianceStandards']}
impactSeverities
(string, query, optional)
Comma-separated list of Software Quality Severities
Constraints: {'enum': ['INFO', 'LOW', 'MEDIUM', 'HIGH', 'BLOCKER']}
impactSoftwareQualities
(string, query, optional)
Comma-separated list of Software Qualities
Constraints: {'enum': ['MAINTAINABILITY', 'RELIABILITY', 'SECURITY']}
include_external
(string, query, optional, default: false)
Include external engine rules in the results
Constraints: {'enum': ['true', 'false', 'yes', 'no']}
inheritance
(string, query, optional)
Comma-separated list of values of inheritance for a rule within a quality profile. Used only if the parameter 'activation' is set.
Constraints: {'enum': ['NONE', 'INHERITED', 'OVERRIDES']}
is_template
(string, query, optional)
Filter template rules
Constraints: {'enum': ['true', 'false', 'yes', 'no']}
languages
(string, query, optional)
Comma-separated list of languages
organization
(string, query, optional)
Organization key
owaspMobileTop10-2024
(string, query, optional)
Comma-separated list of OWASP Mobile Top 10 (2024) lowercase categories.
Constraints: {'enum': ['m1', 'm2', 'm3', 'm4', 'm5', 'm6', 'm7', 'm8', 'm9', 'm10']}
owaspTop10
(string, query, optional)
Comma-separated list of OWASP Top 10 lowercase categories.
Constraints: {'enum': ['a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7', 'a8', 'a9', 'a10']}
owaspTop10-2021
(string, query, optional)
Comma-separated list of OWASP Top 10 (2021) lowercase categories.
Constraints: {'enum': ['a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7', 'a8', 'a9', 'a10']}
p
(string, query, optional, default: 1)
1-based page number
ps
(string, query, optional, default: 100)
Page size. Must be greater than 0 and less or equal than 500
q
(string, query, optional)
UTF-8 search query
qprofile
(string, query, optional)
Quality profile key to filter on. Used only if the parameter 'activation' is set.
repositories
(string, query, optional)
Comma-separated list of repositories
rule_key
(string, query, optional)
Key of rule to search for
rule_keys
(string, query, optional)
Rule keys
s
(string, query, optional)
Sort field
Constraints: {'enum': ['name', 'updatedAt', 'createdAt', 'key']}
severities
(string, query, optional)
Comma-separated list of default severities. Not the same than severity of rules in Quality profiles.
Constraints: {'enum': ['INFO', 'MINOR', 'MAJOR', 'CRITICAL', 'BLOCKER']}
sonarsourceSecurity
(string, query, optional)
Comma-separated list of SonarSource security categories. Use 'others' to select rules not associated with any category
Constraints: {'enum': ['buffer-overflow', 'permission', 'sql-injection', 'command-injection', 'path-traversal-injection', 'ldap-injection', 'xpath-injection', 'rce', 'dos', 'ssrf', 'csrf', 'xss', 'log-injection', 'http-response-splitting', 'open-redirect', 'xxe', 'object-injection', 'weak-cryptography', 'auth', 'insecure-conf', 'encrypt-data', 'traceability', 'file-manipulation', 'others']}
statuses
(string, query, optional)
Comma-separated list of status codes
Constraints: {'enum': ['BETA', 'DEPRECATED', 'READY', 'REMOVED']}
tags
(string, query, optional)
Comma-separated list of tags. Returned rules match any of the tags (OR operator)
template_key
(string, query, optional)
Key of the template rule to filter on. Used to search for the custom rules based on this template.
types
(string, query, optional)
Comma-separated list of types. Returned rules match any of the tags (OR operator)
Constraints: {'enum': ['CODE_SMELL', 'BUG', 'VULNERABILITY', 'SECURITY_HOTSPOT']}
Examples (1)
Search for a collection of relevant rules matching a specified query
openapi-spec
Curl
Python Requests
Zingu Apis
Javascript Fetch
curl 'https://sonarcloud.io/api/rules/search?active_severities=CRITICAL%2CBLOCKER&available_since=2014-06-22&cleanCodeAttributeCategories=ADAPTABLE%2CINTENTIONAL&complianceStandards=owasp_asvs%3Aurn%3Asonar-security-standard%3Aowasp%3Aasvs%3A5.0%3D15%2C16%26sonar_standard%3Aurn%3Asonar-security-standard%3Asonar%3Astandard%3Aunversioned%3Dlog-injection&sonar_standard%3Aurn%3Asonar-security-standard%3Asonar%3Astandard%3Aunversioned=log-injection&cwe=12%2C125%2Cunknown&f=remFn%2CdescriptionSections&facets=languages%2Crepositories&impactSeverities=HIGH%2CMEDIUM&impactSoftwareQualities=MAINTAINABILITY%2CRELIABILITY&inheritance=INHERITED%2COVERRIDES&languages=java%2Cjs&organization=my-org&p=42&ps=20&q=xpath&qprofile=AU-Tpxb--iU5OvuD2FLy&repositories=checkstyle%2Cfindbugs&rule_key=squid%3AS001&rule_keys=squid%3AS1002%2Csquid%3AS1003&s=name&severities=CRITICAL%2CBLOCKER&sonarsourceSecurity=sql-injection%2Ccommand-injection%2Cothers&statuses=READY&tags=security%2Cjava8&template_key=java%3AS001&types=BUG'import requests
resp = requests.get(
"https://sonarcloud.io/api/rules/search",
params={
'active_severities': 'CRITICAL,BLOCKER',
'available_since': '2014-06-22',
'cleanCodeAttributeCategories': 'ADAPTABLE,INTENTIONAL',
'complianceStandards': 'owasp_asvs:urn:sonar-security-standard:owasp:asvs:5.0=15,16&sonar_standard:urn:sonar-security-standard:sonar:standard:unversioned=log-injection',
'sonar_standard:urn:sonar-security-standard:sonar:standard:unversioned': 'log-injection',
'cwe': '12,125,unknown',
'f': 'remFn,descriptionSections',
'facets': 'languages,repositories',
'impactSeverities': 'HIGH,MEDIUM',
'impactSoftwareQualities': 'MAINTAINABILITY,RELIABILITY',
'inheritance': 'INHERITED,OVERRIDES',
'languages': 'java,js',
'organization': 'my-org',
'p': '42',
'ps': '20',
'q': 'xpath',
'qprofile': 'AU-Tpxb--iU5OvuD2FLy',
'repositories': 'checkstyle,findbugs',
'rule_key': 'squid:S001',
'rule_keys': 'squid:S1002,squid:S1003',
's': 'name',
'severities': 'CRITICAL,BLOCKER',
'sonarsourceSecurity': 'sql-injection,command-injection,others',
'statuses': 'READY',
'tags': 'security,java8',
'template_key': 'java:S001',
'types': 'BUG',
},
)
data = resp.json()import zingu_apis
api = zingu_apis.api("sonarqube")
result = api.fetch("api/rules/search", active_severities="CRITICAL,BLOCKER", available_since="2014-06-22", cleanCodeAttributeCategories="ADAPTABLE,INTENTIONAL", complianceStandards="owasp_asvs:urn:sonar-security-standard:owasp:asvs:5.0=15,16&sonar_standard:urn:sonar-security-standard:sonar:standard:unversioned=log-injection", sonar_standard:urn:sonar-security-standard:sonar:standard:unversioned="log-injection", cwe="12,125,unknown", f="remFn,descriptionSections", facets="languages,repositories", impactSeverities="HIGH,MEDIUM", impactSoftwareQualities="MAINTAINABILITY,RELIABILITY", inheritance="INHERITED,OVERRIDES", languages="java,js", organization="my-org", p=42, ps=20, q="xpath", qprofile="AU-Tpxb--iU5OvuD2FLy", repositories="checkstyle,findbugs", rule_key="squid:S001", rule_keys="squid:S1002,squid:S1003", s="name", severities="CRITICAL,BLOCKER", sonarsourceSecurity="sql-injection,command-injection,others", statuses="READY", tags="security,java8", template_key="java:S001", types="BUG")
for item in result:
print(item)const resp = await fetch("https://sonarcloud.io/api/rules/search?active_severities=CRITICAL%2CBLOCKER&available_since=2014-06-22&cleanCodeAttributeCategories=ADAPTABLE%2CINTENTIONAL&complianceStandards=owasp_asvs%3Aurn%3Asonar-security-standard%3Aowasp%3Aasvs%3A5.0%3D15%2C16%26sonar_standard%3Aurn%3Asonar-security-standard%3Asonar%3Astandard%3Aunversioned%3Dlog-injection&sonar_standard%3Aurn%3Asonar-security-standard%3Asonar%3Astandard%3Aunversioned=log-injection&cwe=12%2C125%2Cunknown&f=remFn%2CdescriptionSections&facets=languages%2Crepositories&impactSeverities=HIGH%2CMEDIUM&impactSoftwareQualities=MAINTAINABILITY%2CRELIABILITY&inheritance=INHERITED%2COVERRIDES&languages=java%2Cjs&organization=my-org&p=42&ps=20&q=xpath&qprofile=AU-Tpxb--iU5OvuD2FLy&repositories=checkstyle%2Cfindbugs&rule_key=squid%3AS001&rule_keys=squid%3AS1002%2Csquid%3AS1003&s=name&severities=CRITICAL%2CBLOCKER&sonarsourceSecurity=sql-injection%2Ccommand-injection%2Cothers&statuses=READY&tags=security%2Cjava8&template_key=java%3AS001&types=BUG");
const data = await resp.json();
Run
Probe History
Time Status Latency Size
2026-04-16 17:42:47.089010
404
496ms
2026-04-16 01:04:51.195779
404
177ms
2026-04-15 02:30:08.157428
404
147ms
2026-04-14 00:40:04.264567
404
186ms
2026-04-12 16:40:57.150345
404
1574ms
2026-04-10 02:20:01.216658
404
100ms
2026-04-09 03:40:07.574650
404
126ms