Let’s face it — good code isn’t enough anymore. Whether you’re shipping software to a regulated industry or just trying to keep technical debt under control, tracking quality matters. That’s where the SonarQube export report comes into play. While SonarQube is famous for its interactive dashboard, many users overlook one of its most powerful features: exporting reports for compliance, auditing, and team communication.
This article walks you through the entire SonarQube report generation process — from built-in tools to community plugins and custom scripting. By the end, you’ll not only know how to create a great SonarQube report example, but also how to automate and scale it.
Why Exporting SonarQube Reports Matters
SonarQube’s real-time dashboard is fantastic for day-to-day coding. But what about external stakeholders or long-term analysis? That’s where exporting comes in. A SonarQube export report can serve multiple purposes:
- Give non-developer stakeholders a digestible summary
- Create audit trails for certifications like OWASP or ISO
- Support retrospectives with historical comparisons
- Integrate with broader documentation systems
An exported report is a static, sharable view of code health — perfect for review meetings, compliance checks, or performance tracking.
Step 1: Know What’s in a SonarQube Report
Before you generate anything, understand what the platform measures. A typical SonarQube report example might include:
- Bugs – Actual defects in the codebase
- Vulnerabilities – Security risks and exploitable flaws
- Code Smells – Maintainability issues that may cause future bugs
- Coverage – Percentage of code covered by tests
- Duplications – Reused or copy-pasted code blocks
- Technical Debt – Estimated time required to fix all known issues
You can slice this data by file, module, or contributor — which helps tailor reports to your audience.
Step 2: Use the Built-In Export in Enterprise Edition
If you’re lucky enough to run SonarQube Enterprise Edition, you’re already set. Generating a report is simple and fast:
How to export in Enterprise:
- Go to your project dashboard
- Click More (top-right corner)
- Choose Executive Report
- Select sections like coverage, security, maintainability
- Hit Generate — your PDF will download
This is perfect for managers or external reviewers who want a snapshot of project health without poking around the UI.
Step 3: Use a Plugin for SonarQube Community Edition
Using the free version? No problem. The community-driven sonarqube-report plugin by eXcentia offers solid functionality for automated SonarQube export report generation.
What the plugin does:
- Exports reports as PDF
- Shows issues by severity
- Displays code duplication stats
- Can be scheduled for auto-export
Setup steps:
- Download the
.jar
file - Drop it into
extensions/plugins/
in your SonarQube server - Restart the server
- Configure reports via the project dashboard
You can customize output based on:
- Severity (critical only, for example)
- Components (filter by file or module)
- Periods (compare current results to a past scan)
For teams without access to Enterprise, this is the fastest way to create a usable SonarQube report example.
Step 4: Generate Custom Reports Using the Web API
Need more control? The SonarQube Web API is the best option for developers, DevOps engineers, or QA teams building tailored reports.
Most-used API endpoints:
api/issues/search
– List issues by type or severityapi/measures/component
– Get metrics like test coverage and duplicationapi/qualitygates/project_status
– Track quality gate pass/fail
Using Python, Node.js, or Bash, you can pull this data and output it into:
- CSV or Excel
- HTML
- JSON logs
- Weekly email digests
Want real integration? Add the report generation script to your CI/CD pipeline using tools like Jenkins or GitLab.
Step 5: Structuring a Great SonarQube Report Example
A clean layout matters. Here’s what a strong SonarQube export report might look like:
Header:
- Project Name
- Version / Branch
- Date of Scan
- Quality Gate Status
Key Metrics:
- Bugs: 3
- Vulnerabilities: 1
- Code Smells: 41
- Test Coverage: 78%
- Duplication: 2.1%
- Maintainability Rating: A
Breakdown Table:
Type | Severity | Count |
---|---|---|
Bug | Blocker | 1 |
Vulnerability | Critical | 1 |
Code Smell | Major | 30 |
Code Smell | Minor | 11 |
Most Affected Files:
src/services/userAuth.js
: 5 issuessrc/components/paymentForm.vue
: 4 issuessrc/utils/helpers.py
: 3 issues
Historical Trends:
- Coverage changes over last 5 builds
- Open vs Resolved issues over time
- Technical debt trajectory
This structure balances technical detail with visual clarity — a must for busy teams or execs.
Best Practices for SonarQube Report Generation
Want better reporting results? Follow these tips:
- Automate Everything
Trigger SonarQube export report generation in your CI build. Use curl or API calls to fetch data after each deploy. - Filter by Context
Focus reports on what matters — don’t overload. Auditors want security; devs want maintainability. - Track Progress
Use weekly or monthly snapshots to detect regression early. Don’t wait until the end of the sprint. - Add Commentary
Include a short summary: what’s improved, what needs fixing, and what to prioritize next.
Troubleshooting Common Report Issues
Problem: Report is empty
Fix: Ensure the project has at least one successful scan. Also, confirm that filters or branch selections aren’t excluding data.
Problem: Report generation fails in CI
Fix: Double-check API tokens, permissions, and endpoint URLs. Implement retry logic for large reports.
Problem: Report is too large
Fix: Narrow the scope — export by module or filter by severity. Consider increasing server memory.