How to find new violations for particular rule id using rest api?
Summary on what I am trying to do:
During the pull request we want to find new violations by comparing target and base builds. We have list of rules IDs checked in code in yaml file. If any new violations are from those rule IDs then we plan to fail the build. that is why we need api to get the information and not in the browser.
I am calling this:
json that it returns have violationed id and unbranchedViolation id (which I don't understand what that means). But the problem is:
1) It gives me fixed + new violations. In that json there is not way to figure out which one is new and which one is fixed. We want to fail build for new violations only (fixed violations are good to have).
2) It just gives me violations ID and I could not figure out a way to find rule ID that it is attached to. I tried providing violations ID to resources api but still it does not give me rule ID.
3) I need to find out how to get api key to access api's. Because passwords cannot be checked in code.
Any help on above 3 mentioned points will be highly appreciated.
The easiest way to find new violations with lots of details about the violations is to compare the builds using v1.7/staticAnalysisViolations.
Make two calls:
Determine what violations are new by identifying the violations with ids that exist in your_target_build but do not exist in your_baseline_build. In the response for your_target_build, you have additional information such as the rule id.
As an alternative, you can use v1.7/staticAnalysisViolations/changed. Make two calls:
Identify the new violations as those in the response to /staticAnalysisViolations/changed that have a targetFinding but do not have a baselineFinding. For this set of violations, find associated information such as the rule id by finding the corresponding violations in the response to your call to /staticAnalysisViolations.
/staticAnalysisViolations/changed exists primarily as a shorthand way for widgets and reports to calculate statistics without having to download the entire set of violations.
Regarding your point 3 ("I need to find out how to get api key to access api's..."), I'm not sure what to suggest. DTP supports basic auth, which requires a username and password. How to securely manage storing these credentials on the client side is a general problem -- not specific to DTP -- for programmatically accessing anything that requires credentials.0