
sonarcloud-security-exporting

Export SonarCloud security issues (vulnerabilities and hotspots) for NASA PDS repositories to CSV or JSON. Use when the user requests to export, download, or fetch SonarCloud security data, vulnerability reports, or security issue lists for PDS projects.
NASA-PDS/pds-agent-skills · ★ 1 · Data & Documents · score 67
Install: claude install-skill NASA-PDS/pds-agent-skills
# SonarCloud Security Exporting Skill

This skill fetches all security-related issues (vulnerabilities and security hotspots) from SonarCloud for all repositories under the NASA PDS organization and exports them to CSV or JSON format for security triage.

**Formats:**

- **CSV** (default): Flat format for spreadsheet review
- **JSON**: Rich format with code snippets, rule details, and metadata for AI-assisted triage

## Prerequisites

- Node.js v18 or higher
- SonarCloud API token with read access to nasa-pds organization

## How It Works

1. **Authenticate**: Uses SonarCloud API token (from `SONARCLOUD_TOKEN` environment variable or prompts user)
2. **Fetch Projects**: Queries `/api/projects/search?organization=nasa-pds` to get all repositories
3. **Query Vulnerabilities**: For each project, calls `/api/issues/search` with `types=VULNERABILITY`
4. **Query Hotspots**: For each project, calls `/api/hotspots/search`
5. **Enrich Data** (JSON only): Fetches rule details, code snippets, and metadata
6. **Export**: Combines results into CSV or JSON format

## Execution Steps

### Step 0: Confirm Output Directory

Before writing any files, ask the user where to save output:

```
Where should I save the export files?
1. Current directory: <show $PWD>
2. /tmp
3. Custom path (enter below)
```

Use their choice as the output directory for all files written in this session. Store it as `OUTPUT_DIR`.

**Important:** Never write output files inside the skill's own directory (the direc