A 2D digital illustration shows a laptop screen displaying a SonarQube export report, with a printed sheet and analytics graph emerging from the screen.

How to Generate a SonarQube Export Report: Full Guide for Developers and Teams

by

Let’s face it — good code isn’t enough anymore. Whether you’re shipping software to a regulated industry or just trying to keep technical debt under control, tracking quality matters. That’s where the SonarQube export report comes into play. While SonarQube is famous for its interactive dashboard, many users overlook one of its most powerful features: exporting reports for compliance, auditing, and team communication.

This article walks you through the entire SonarQube report generation process — from built-in tools to community plugins and custom scripting. By the end, you’ll not only know how to create a great SonarQube report example, but also how to automate and scale it.

Why Exporting SonarQube Reports Matters

SonarQube’s real-time dashboard is fantastic for day-to-day coding. But what about external stakeholders or long-term analysis? That’s where exporting comes in. A SonarQube export report can serve multiple purposes:

  • Give non-developer stakeholders a digestible summary
  • Create audit trails for certifications like OWASP or ISO
  • Support retrospectives with historical comparisons
  • Integrate with broader documentation systems

An exported report is a static, sharable view of code health — perfect for review meetings, compliance checks, or performance tracking.

Step 1: Know What’s in a SonarQube Report

Before you generate anything, understand what the platform measures. A typical SonarQube report example might include:

  • Bugs – Actual defects in the codebase
  • Vulnerabilities – Security risks and exploitable flaws
  • Code Smells – Maintainability issues that may cause future bugs
  • Coverage – Percentage of code covered by tests
  • Duplications – Reused or copy-pasted code blocks
  • Technical Debt – Estimated time required to fix all known issues

You can slice this data by file, module, or contributor — which helps tailor reports to your audience.

Step 2: Use the Built-In Export in Enterprise Edition

If you’re lucky enough to run SonarQube Enterprise Edition, you’re already set. Generating a report is simple and fast:

How to export in Enterprise:

  1. Go to your project dashboard
  2. Click More (top-right corner)
  3. Choose Executive Report
  4. Select sections like coverage, security, maintainability
  5. Hit Generate — your PDF will download

This is perfect for managers or external reviewers who want a snapshot of project health without poking around the UI.

Step 3: Use a Plugin for SonarQube Community Edition

Using the free version? No problem. The community-driven sonarqube-report plugin by eXcentia offers solid functionality for automated SonarQube export report generation.

What the plugin does:

  • Exports reports as PDF
  • Shows issues by severity
  • Displays code duplication stats
  • Can be scheduled for auto-export

Setup steps:

  • Download the .jar file
  • Drop it into extensions/plugins/ in your SonarQube server
  • Restart the server
  • Configure reports via the project dashboard

You can customize output based on:

  • Severity (critical only, for example)
  • Components (filter by file or module)
  • Periods (compare current results to a past scan)

For teams without access to Enterprise, this is the fastest way to create a usable SonarQube report example.

Step 4: Generate Custom Reports Using the Web API

Need more control? The SonarQube Web API is the best option for developers, DevOps engineers, or QA teams building tailored reports.

Most-used API endpoints:

  • api/issues/search – List issues by type or severity
  • api/measures/component – Get metrics like test coverage and duplication
  • api/qualitygates/project_status – Track quality gate pass/fail

Using Python, Node.js, or Bash, you can pull this data and output it into:

  • CSV or Excel
  • HTML
  • JSON logs
  • Weekly email digests

Want real integration? Add the report generation script to your CI/CD pipeline using tools like Jenkins or GitLab.

Step 5: Structuring a Great SonarQube Report Example

A clean layout matters. Here’s what a strong SonarQube export report might look like:

Header:

  • Project Name
  • Version / Branch
  • Date of Scan
  • Quality Gate Status

Key Metrics:

  • Bugs: 3
  • Vulnerabilities: 1
  • Code Smells: 41
  • Test Coverage: 78%
  • Duplication: 2.1%
  • Maintainability Rating: A

Breakdown Table:

TypeSeverityCount
BugBlocker1
VulnerabilityCritical1
Code SmellMajor30
Code SmellMinor11

Most Affected Files:

  • src/services/userAuth.js: 5 issues
  • src/components/paymentForm.vue: 4 issues
  • src/utils/helpers.py: 3 issues

Historical Trends:

  • Coverage changes over last 5 builds
  • Open vs Resolved issues over time
  • Technical debt trajectory

This structure balances technical detail with visual clarity — a must for busy teams or execs.

Best Practices for SonarQube Report Generation

Want better reporting results? Follow these tips:

  1. Automate Everything
    Trigger SonarQube export report generation in your CI build. Use curl or API calls to fetch data after each deploy.
  2. Filter by Context
    Focus reports on what matters — don’t overload. Auditors want security; devs want maintainability.
  3. Track Progress
    Use weekly or monthly snapshots to detect regression early. Don’t wait until the end of the sprint.
  4. Add Commentary
    Include a short summary: what’s improved, what needs fixing, and what to prioritize next.

Troubleshooting Common Report Issues

Problem: Report is empty
Fix: Ensure the project has at least one successful scan. Also, confirm that filters or branch selections aren’t excluding data.

Problem: Report generation fails in CI
Fix: Double-check API tokens, permissions, and endpoint URLs. Implement retry logic for large reports.

Problem: Report is too large
Fix: Narrow the scope — export by module or filter by severity. Consider increasing server memory.