{"id":37071033,"url":"https://github.com/ataseren/reflectsonar","last_synced_at":"2026-01-14T08:17:42.256Z","repository":{"id":292592015,"uuid":"981209793","full_name":"ataseren/reflectsonar","owner":"ataseren","description":"ReflectSonar is a tool that creates a detailed PDF report of the SonarQube scan. It compensates for the lack of report generation mechanism in some SonarQube editions.","archived":false,"fork":false,"pushed_at":"2025-10-10T10:16:19.000Z","size":5011,"stargazers_count":4,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-19T05:52:24.495Z","etag":null,"topics":["appsec","code-quality","cybersecurity","devsecops","reporting"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ataseren.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-05-10T15:32:43.000Z","updated_at":"2025-10-17T16:26:34.000Z","dependencies_parsed_at":"2025-10-04T00:09:33.890Z","dependency_job_id":"0be6d794-1f82-4f73-8c22-99e27b1765bc","html_url":"https://github.com/ataseren/reflectsonar","commit_stats":null,"previous_names":["ataseren/reflectsonar"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/ataseren/reflectsonar","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ataseren%2Freflectsonar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositori
es/ataseren%2Freflectsonar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ataseren%2Freflectsonar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ataseren%2Freflectsonar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ataseren","download_url":"https://codeload.github.com/ataseren/reflectsonar/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ataseren%2Freflectsonar/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28413748,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T05:26:33.345Z","status":"ssl_error","status_checked_at":"2026-01-14T05:21:57.251Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","code-quality","cybersecurity","devsecops","reporting"],"created_at":"2026-01-14T08:17:41.629Z","updated_at":"2026-01-14T08:17:42.247Z","avatar_url":"https://github.com/ataseren.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ReflectSonar\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/ataseren/reflectsonar/refs/heads/main/rs-logo.png\" width=\"400\" alt=\"reflectsonar-logo\"\u003e\n\u003c/p\u003e\n\n**PDF Report Generator for 
SonarQube Analysis**\n\nReflectSonar is a simple Python tool for generating a PDF report of a project scan conducted by a SonarQube instance. It reads the data via API and generates a PDF report for general metrics, issues and security hotspots.\n\nSonarQube Community and Developer Editions do not have a report generation feature. The purpose of this tool is to add this functionality to these editions.\n\nThis tool is not affiliated with Sonar. The report is generated from the SonarQube instance whose connection details you provide. All data is fetched from the\nSonarQube API. ReflectSonar just provides a way to generate the report.\n\n## Quick Start\n\n### Installation\n\n#### Option 1: Install from PyPI\n\n```bash\n# Install ReflectSonar\npip install reflectsonar\n\n# Run directly\nreflectsonar -p \"your-project-key\" -t \"your-token\" -u \"http://your-sonarqube:9000\"\n```\n\n#### Option 2: Download Pre-built Binary\n\nDownload the latest binary release for your platform from the [Releases page](https://github.com/ataseren/reflectsonar/releases):\n\n**Linux:**\n```bash\n# Download and extract\nwget https://github.com/ataseren/reflectsonar/releases/latest/download/reflectsonar-linux-x64.tar.gz\ntar -xzf reflectsonar-linux-x64.tar.gz\n\n# Make executable and run\nchmod +x reflectsonar\n./reflectsonar --help\n```\n\n**Windows:**\n```powershell\n# Download reflectsonar-windows-x64.zip from releases page\n# Extract and run reflectsonar.exe\n.\\reflectsonar.exe --help\n```\n\n**macOS:**\n```bash\n# Download and extract\nwget https://github.com/ataseren/reflectsonar/releases/latest/download/reflectsonar-macos-x64.tar.gz\ntar -xzf reflectsonar-macos-x64.tar.gz\n\n# Make executable and run  \nchmod +x reflectsonar\n./reflectsonar --help\n```\n\n#### Option 3: Install from Source\n\n```bash\n# Clone the repository\ngit clone https://github.com/ataseren/reflectsonar.git\ncd reflectsonar\n\n# Install dependencies\npip install -r requirements.txt\n```\n\n### Basic Usage\n\n#### Using 
the Binary (Recommended)\n\n```bash\n# Generate a report for your project\n./reflectsonar -p \"your-project-key\" -t \"your-sonarqube-token\" -u \"http://your-sonarqube-server:9000\"\n\n# With custom output path\n./reflectsonar -p \"my-app\" -t \"squ_abc123...\" -o \"reports/my-app-quality-report.pdf\"\n\n# With verbose logging\n./reflectsonar -p \"my-app\" -t \"squ_abc123...\" --verbose\n\n# Using a configuration file\n./reflectsonar -c config.yaml\n```\n\n#### Using Python Source\n\n```bash\n# Generate a report for your project\npython src/main.py -p \"your-project-key\" -t \"your-sonarqube-token\" -u \"http://your-sonarqube-server:9000\"\n\n# With custom output path\npython src/main.py -p \"my-app\" -t \"squ_abc123...\" -o \"reports/my-app-quality-report.pdf\"\n\n# With verbose logging\npython src/main.py -p \"my-app\" -t \"squ_abc123...\" --verbose\n```\n\n## Command Line Options\n\n| Option | Short | Description | Required | Default |\n|--------|-------|-------------|----------|---------|\n| `--project` | `-p` | SonarQube project key | ✅ Yes | - |\n| `--token` | `-t` | SonarQube authentication token | ✅ Yes | - |\n| `--url` | `-u` | SonarQube server URL | ❌ No | `http://localhost:9000` |\n| `--output` | `-o` | Output PDF file path | ❌ No | Auto-generated |\n| `--config` | `-c` | Configuration file path | ❌ No | `config.yaml` |\n| `--verbose` | `-v` | Enable detailed logging | ❌ No | `False` |\n\n## Configuration\n\n### SonarQube Token Setup\n\n- **Generate Token**: Go to SonarQube → My Account → Security → Generate Tokens (It must be a User Token)\n- **Token Format**: `squ_1a2b3c4d5e6f7g8h9i0j...` \n- **Permissions**: Ensure token has enough permission on your project\n\n## Report Structure\n\n### 1. **Cover Page**\n- Project overview and summary statistics\n- Quality metrics and ratings\n- Generation timestamp and SonarQube mode\n\n### 2. **Issues**\n- Security, reliability and maintainability issues\n- Affected code snippets and triggered rules\n\n### 3. 
**Security Hotspots**\n- Detailed security hotspot analysis\n- Risk categories and remediation guidance\n- Code context and security implications\n\n### 4. **Rules**\n- Rules triggered by the issues in a project\n- Mitigation and detailed description for the issue\n- Extra resources\n\n## Contributing\n\nWe welcome contributions! Please see our [Contributing Guidelines](CONTRIBUTING.md) for details.\n\n[Open an issue](https://github.com/ataseren/reflectsonar/issues) to discuss your ideas! Submit a PR in any way you want.\n\nI am trying to make life easier for people who need the functionality of this tool. Therefore, I don't want to bother you with strict contribution rules. Just open an issue or PR and I will be happy to review it.\n\nAlso, feel free to reach out to me via email or LinkedIn.\n\n## License\n\nThis project is licensed under the GPL-3.0 License - see the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fataseren%2Freflectsonar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fataseren%2Freflectsonar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fataseren%2Freflectsonar/lists"}