Once you have set up your SonarQube servers, use the SonarQube Connector CWE Top 25 Macro to display the Top 25 Most Dangerous Software Weaknesses list for the configured projects.

You have to complete these parameters:

  • SonarQube server: this is a dropdown list with the SonarQube servers configured through the plugin settings.
  • Resource Key: This is the key of the SonarQube resource from which the quality metrics are retrieved. You can get this key from your SonarQube project dashboard or your sonar-project analysis parameters. You can set up more than one resource/project key by providing a comma-separated list of resource keys. Measures will be aggregated into a single view of all the projects together.
    • Note: Enterprise portfolios are also supported; you can enter the portfolio name here.
  • Tags: This is an optional field. You can select projects through the tags associated with them in SonarQube/SonarCloud. These tags can be obtained from your project page in SonarQube/SonarCloud or from the analysis properties. You can configure more than one tag by specifying a comma-separated list of tags. The results will be aggregated in a single view with all the resources together.
  • CWE Year: Select the CWE year to retrieve the information based on that year's Top 25 CWE.
  • Branch: Name of the branch (visible in the SonarQube UI).
    • Only available in a single-project configuration.
