@mitre/hdf-converters 2.12.2 → 2.13.0

package/lib/src/sonarqube-mapper.js

@@ -15,19 +15,30 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
     o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SonarqubeResults = exports.SonarqubeMapper = void 0;
 const axios_1 = __importDefault(require("axios"));
+const rax = __importStar(require("retry-axios"));
 const _ = __importStar(require("lodash"));
 const semver_1 = require("semver");
 const inspecjs_1 = require("inspecjs");
@@ -38,6 +49,7 @@ const CweNistMapping_1 = require("./mappings/CweNistMapping");
 const OwaspNistMapping_1 = require("./mappings/OwaspNistMapping");
 const global_1 = require("./utils/global");
 const logger = (0, global_1.createWinstonLogger)('SonarQube2HDF');
+// the Sonarqube schema typings are meant to support the four versions out right now (8, 9, 10, and 2025/25).  9 and 25 are supposed to be LTS releases.  8 is currently used by the Sonarcloud deployment though Sonarqube POCs say that it is no longer supported / they do not see many deployments of it.
 var SonarqubeVersion;
 (function (SonarqubeVersion) {
     SonarqubeVersion["Eight"] = "8.0.0";
@@ -45,6 +57,7 @@ var SonarqubeVersion;
     SonarqubeVersion["Ten"] = "10.0.0";
     SonarqubeVersion["Twenty_five"] = "2025.0.0";
 })(SonarqubeVersion || (SonarqubeVersion = {}));
+// intentionally open ended to support versions less than 8, but it is unlikely that they will be out there based on discussions with Sonar engineers
 function isSonarqubeVersionEight(version) {
     const nextHigherVersion = SonarqubeVersion.Nine;
     const v = (0, semver_1.coerce)(version);
@@ -70,13 +83,25 @@ function isSonarqubeVersionTen(version) {
     return (0, semver_1.lt)(v, nextHigherVersion);
 }
 function isSonarqubeVersionTwenty_five(version) {
-    const nextHigherVersion = '2026.0.0';
+    const nextHigherVersion = '2026.0.0'; // using 26 for now, but I am unsure what the actual next major version will be - this function can be changed once we identify the next version that contains impactful breaking changes
     const v = (0, semver_1.coerce)(version);
     if (v === null) {
         throw new Error(`Was not able to coerce ${version} into a semver compatible version string`);
     }
     return (0, semver_1.lt)(v, nextHigherVersion);
 }
+function isBeforeSonarqubeVersion(version, comparisonVersion) {
+    const v = (0, semver_1.coerce)(version);
+    if (v === null) {
+        throw new Error(`Was not able to coerce ${version} into a semver compatible version string`);
+    }
+    const cv = (0, semver_1.coerce)(comparisonVersion);
+    if (cv === null) {
+        throw new Error(`Was not able to coerce ${comparisonVersion} into a semver compatible version string`);
+    }
+    return (0, semver_1.lt)(v, cv);
+}
+// https://docs.sonarsource.com/sonarqube-server/latest/user-guide/rules/overview/#how-severities-are-assigned
 const IMPACT_MAPPING = new Map([
     ['blocker', 1.0],
     ['critical', 0.7],
@@ -89,7 +114,7 @@ const OWASP_NIST_MAPPING = new OwaspNistMapping_1.OwaspNistMapping();
 function parseOwaspInSysTags(issue) {
     return issue.ruleInformation.rule.sysTags
         .filter((s) => s.toLowerCase().startsWith('owasp-'))
-        .map((t) => t.substring('owasp-'.length).toUpperCase());
+        .map((t) => t.substring('owasp-'.length).toUpperCase()); // this will just look like 'A3'
 }
 function parseOwaspTags(issue) {
     let searchSpace = '';
@@ -102,7 +127,7 @@ function parseOwaspTags(issue) {
     }
     const searchSpaceMatches = [
         ...searchSpace.matchAll(/> ?OWASP.*?(Top .*?A\d\d?)/gu)
-    ].map((m) => m[1]);
+    ].map((m) => m[1]); // get the capture group which looks like 'Top 10 2021 Category A1'
     const sysTagMatches = parseOwaspInSysTags(issue);
     const totalMatches = searchSpaceMatches.concat(sysTagMatches);
     if (totalMatches.length) {
@@ -119,270 +144,285 @@ function parseCweTags(issue) {
     if (rule.descriptionSections) {
         searchSpace += rule.descriptionSections.map((s) => s.content).join('');
     }
-    const uniqueCwes = _.uniq(searchSpace.match(/CWE-\d\d\d?\d?\d?\d?\d/gi));
+    const uniqueCwes = _.uniq(searchSpace.match(/CWE-\d\d\d?\d?\d?\d?\d/gi)); // CWE IDs are embedded inside of the HTML
     if (uniqueCwes.length) {
         return uniqueCwes;
     }
     return undefined;
 }
 function parseNistTags(issue) {
-    var _a, _b;
-    const uniqueNist = _.uniq(((_a = parseCweTags(issue)) !== null && _a !== void 0 ? _a : [])
+    const uniqueNist = _.uniq((parseCweTags(issue) ?? [])
         .flatMap((t) => CWE_NIST_MAPPING.nistFilter(t.split('-')[1]))
-        .concat(((_b = parseOwaspInSysTags(issue)) !== null && _b !== void 0 ? _b : []).flatMap((t) => OWASP_NIST_MAPPING.nistFilterNoDefault(t))));
+        .concat(
+    // adding in the systags' owasp tag since in older sonarqube versions sometimes no other guidance alignment is provided
+    (parseOwaspInSysTags(issue) ?? []).flatMap((t) => OWASP_NIST_MAPPING.nistFilterNoDefault(t))));
     if (uniqueNist.length) {
         return uniqueNist;
     }
-    return ['SA-11'];
+    return ['SA-11']; // Sonarqube is a static code analysis tool so we'll use SA-11 (DEVELOPER SECURITY TESTING AND EVALUATION) to handle all the bugs and code smells as a default for whenever it doesn't have security guidance to give us.  Explicitly not using RA-5 (VULNERABILITY SCANNING) since all of those seem to have guidance associated with them.
 }
 class SonarqubeMapper extends base_converter_1.BaseConverter {
-    constructor(data, withRaw = false) {
-        super(data);
-        this.data = data;
-        this.mappings = {
-            platform: {
-                name: 'Heimdall Tools',
-                release: package_json_1.version
-            },
-            version: package_json_1.version,
-            statistics: {},
-            profiles: [
-                {
-                    name: 'SonarQube Scan',
-                    version: {
-                        transformer: (data) => `SonarQube v${data.sonarqubeVersion}`
-                    },
-                    title: {
-                        transformer: (data) => {
-                            const branch = data.branchName ? ` branch ${data.branchName}` : '';
-                            const pullrequest = data.pullRequestID
-                                ? ` pull request ${data.pullRequestID}`
-                                : '';
-                            const org = data.organization
-                                ? ` organization ${data.organization}`
-                                : '';
-                            return `SonarQube Scan of project ${data.projectKey} on ${data.sonarqubeHost} at ${new Date().toISOString()}${data.branchName || data.pullRequestID || data.organization ? ' using' : ''}${[branch, pullrequest, org].filter((s) => s).join(',')}`;
-                        }
-                    },
-                    supports: [],
-                    attributes: [],
-                    groups: [],
-                    status: 'loaded',
-                    controls: [
-                        {
-                            path: 'search.issues',
-                            key: 'id',
-                            desc: {
-                                transformer: (issue) => {
-                                    const rule = issue.ruleInformation.rule;
-                                    if ('htmlDesc' in rule) {
-                                        return rule.htmlDesc;
-                                    }
-                                    if (!rule.descriptionSections) {
-                                        return '';
-                                    }
-                                    const def = rule.descriptionSections.find((d) => d.key === 'default');
-                                    if (def) {
-                                        return def.content;
-                                    }
-                                    const introduction = rule.descriptionSections.find((d) => d.key === 'introduction');
-                                    const rootcause = rule.descriptionSections.find((d) => d.key === 'root_cause');
-                                    return [introduction, rootcause]
-                                        .filter((s) => s !== undefined)
-                                        .map((s) => s.content)
-                                        .join('\n');
+    data;
+    withRaw;
+    mappings = {
+        platform: {
+            name: 'Heimdall Tools',
+            release: package_json_1.version
+        },
+        version: package_json_1.version,
+        statistics: {},
+        profiles: [
+            {
+                name: 'SonarQube Scan',
+                version: {
+                    transformer: (data) => `SonarQube v${data.sonarqubeVersion}`
+                },
+                title: {
+                    transformer: (data) => {
+                        const branch = data.branchName ? ` branch ${data.branchName}` : '';
+                        const pullrequest = data.pullRequestID
+                            ? ` pull request ${data.pullRequestID}`
+                            : '';
+                        const org = data.organization
+                            ? ` organization ${data.organization}`
+                            : '';
+                        return `SonarQube Scan of project ${data.projectKey} on ${data.sonarqubeHost} at ${new Date().toISOString()}${data.branchName || data.pullRequestID || data.organization ? ' using' : ''}${[branch, pullrequest, org].filter((s) => s).join(',')}`;
+                    }
+                },
+                supports: [],
+                attributes: [],
+                groups: [],
+                status: 'loaded',
+                controls: [
+                    {
+                        path: 'search.issues',
+                        key: 'id',
+                        desc: {
+                            transformer: (issue) => {
+                                const rule = issue.ruleInformation.rule;
+                                if ('htmlDesc' in rule) {
+                                    return rule.htmlDesc;
                                 }
-                            },
-                            refs: [],
-                            source_location: {},
-                            id: { path: 'rule' },
-                            title: { path: 'ruleInformation.rule.name' },
-                            impact: {
-                                path: 'severity',
-                                transformer: (0, base_converter_1.impactMapping)(IMPACT_MAPPING)
-                            },
-                            tags: {
-                                cci: {
-                                    transformer: (issue) => { var _a; return (0, global_1.getCCIsForNISTTags)((_a = parseNistTags(issue)) !== null && _a !== void 0 ? _a : []); }
-                                },
-                                nist: { transformer: parseNistTags },
-                                cweid: { transformer: parseCweTags },
-                                owasp: { transformer: parseOwaspTags },
-                                createdAt: { path: 'ruleInformation.rule.createdAt' },
-                                debtRemFnType: { path: 'ruleInformation.rule.debtRemFnType' },
-                                defaultDebtRemFnType: {
-                                    path: 'ruleInformation.rule.defaultDebtRemFnType'
-                                },
-                                isExternal: { path: 'ruleInformation.rule.isExternal' },
-                                isTemplate: { path: 'ruleInformation.rule.isTemplate' },
-                                langName: { path: 'ruleInformation.rule.langName' },
-                                remFnBaseEffort: { path: 'ruleInformation.rule.remFnBaseEffort' },
-                                remFnOverloaded: { path: 'ruleInformation.rule.remFnOverloaded' },
-                                remFnType: { path: 'ruleInformation.rule.remFnType' },
-                                repo: { path: 'ruleInformation.rule.repo' },
-                                scope: { path: 'ruleInformation.rule.scope' },
-                                ruleSeverity: { path: 'ruleInformation.rule.severity' },
-                                status: { path: 'ruleInformation.rule.status' },
-                                transformer: (issue) => {
-                                    var _a, _b, _c, _d, _e, _f, _g, _h;
-                                    return ({
-                                        ...(0, global_1.conditionallyProvideAttribute)('Actives', issue.ruleInformation.actives, issue.ruleInformation.actives.length !== 0),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Clean Code Attribute', issue.ruleInformation.rule.cleanCodeAttribute, ((_a = issue.ruleInformation.rule.cleanCodeAttribute) === null || _a === void 0 ? void 0 : _a.length) !== 0),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Clean Code Attribute Category', issue.ruleInformation.rule.cleanCodeAttributeCategory, ((_b = issue.ruleInformation.rule.cleanCodeAttributeCategory) === null || _b === void 0 ? void 0 : _b.length) !== 0),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Debt Overloaded', 'debtOverloaded' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.debtOverloaded, 'debtOverloaded' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.debtOverloaded !== undefined),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Debt Rem Fn Coeff', 'debtRemFnCoeff' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.debtRemFnCoeff, 'debtRemFnCoeff' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.debtRemFnCoeff !== undefined),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Debt Rem Fn Offset', 'debtRemFnOffset' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.debtRemFnOffset, 'debtRemFnOffset' in issue.ruleInformation.rule),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Default Debt Rem Fn Coeff', 'defaultDebtRemFnCoeff' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.defaultDebtRemFnCoeff, 'defaultDebtRemFnCoeff' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.defaultDebtRemFnCoeff !==
-                                                undefined),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Default Debt Rem Fn Offset', 'defaultDebtRemFnOffset' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.defaultDebtRemFnOffset, 'defaultDebtRemFnOffset' in issue.ruleInformation.rule),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Education Principles', 'educationPrinciples' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.educationPrinciples, 'educationPrinciples' in issue.ruleInformation.rule &&
-                                            ((_c = issue.ruleInformation.rule.educationPrinciples) === null || _c === void 0 ? void 0 : _c.length) !== 0),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Effort To Fix Description', 'effortToFixDescription' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.effortToFixDescription, 'effortToFixDescription' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.effortToFixDescription !==
-                                                undefined),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Impacts', issue.ruleInformation.rule.impacts, ((_d = issue.ruleInformation.rule.impacts) === null || _d === void 0 ? void 0 : _d.length) !== 0),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Issue Type Vulnerability', true, issue.type === 'VULNERABILITY'),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Issue Type Bug', true, issue.type === 'BUG'),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Issue Type Code Smell', true, issue.type === 'CODE_SMELL'),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Params', issue.ruleInformation.rule.params, ((_e = issue.ruleInformation.rule.params) === null || _e === void 0 ? void 0 : _e.length) !== 0),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Security Standards', issue.ruleInformation.rule.securityStandards, ((_f = issue.ruleInformation.rule.securityStandards) === null || _f === void 0 ? void 0 : _f.length) !== 0),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Sys Tags', issue.ruleInformation.rule.sysTags, ((_g = issue.ruleInformation.rule.sysTags) === null || _g === void 0 ? void 0 : _g.length) !== 0),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Tags', issue.ruleInformation.rule.tags, ((_h = issue.ruleInformation.rule.tags) === null || _h === void 0 ? void 0 : _h.length) !== 0),
-                                        ...(0, global_1.conditionallyProvideAttribute)('Updated At', 'updatedAt' in issue.ruleInformation.rule &&
-                                            issue.ruleInformation.rule.updatedAt, 'updatedAt' in issue.ruleInformation.rule)
-                                    });
+                                if (!rule.descriptionSections) {
+                                    return '';
                                 }
+                                const def = rule.descriptionSections.find((d) => d.key === 'default');
+                                if (def) {
+                                    return def.content;
+                                }
+                                const introduction = rule.descriptionSections.find((d) => d.key === 'introduction');
+                                const rootcause = rule.descriptionSections.find((d) => d.key === 'root_cause');
+                                return [introduction, rootcause]
+                                    .filter((s) => s !== undefined)
+                                    .map((s) => s.content)
+                                    .join('\n');
+                            }
+                        },
+                        refs: [],
+                        source_location: {},
+                        id: { path: 'rule' },
+                        title: { path: 'ruleInformation.rule.name' },
+                        impact: {
+                            path: 'severity',
+                            transformer: (0, base_converter_1.impactMapping)(IMPACT_MAPPING)
+                        },
+                        tags: {
+                            cci: {
+                                transformer: (issue) => (0, global_1.getCCIsForNISTTags)(parseNistTags(issue) ?? [])
                             },
-                            results: [
-                                {
-                                    status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
-                                    code_desc: { path: 'codeSnippet' },
-                                    start_time: { path: 'creationDate' },
-                                    message: {
-                                        transformer: (issue) => {
-                                            var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
-                                            return JSON.stringify({
-                                                Message: issue.message,
-                                                Author: issue.author,
-                                                'Creation Date': issue.creationDate,
-                                                Debt: issue.debt,
-                                                Effort: issue.effort,
-                                                ...(0, global_1.conditionallyProvideAttribute)('Issue Status', issue.issueStatus, ((_a = issue.issueStatus) === null || _a === void 0 ? void 0 : _a.length) !== 0),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Resolution', issue.resolution, ((_b = issue.resolution) === null || _b === void 0 ? void 0 : _b.length) !== 0),
-                                                Status: issue.status,
-                                                'Update Date': issue.updateDate,
-                                                ...(0, global_1.conditionallyProvideAttribute)('Actions', issue.actions, ((_c = issue.actions) === null || _c === void 0 ? void 0 : _c.length) !== 0),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Attr', issue.attr, issue.attr !== undefined),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Code Variants', 'codeVariants' in issue && issue.codeVariants, 'codeVariants' in issue &&
-                                                    ((_d = issue.codeVariants) === null || _d === void 0 ? void 0 : _d.length) !== 0),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Comments', issue.comments, ((_e = issue.comments) === null || _e === void 0 ? void 0 : _e.length) !== 0),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Flows', issue.flows, ((_f = issue.flows) === null || _f === void 0 ? void 0 : _f.length) !== 0),
-                                                ...(0, global_1.conditionallyProvideAttribute)('From Hotspot', 'fromHotspot' in issue && issue.fromHotspot, 'fromHotspot' in issue &&
-                                                    issue.fromHotspot !== undefined &&
-                                                    issue.fromHotspot !== null),
-                                                Hash: issue.hash,
-                                                Key: issue.key,
-                                                ...(0, global_1.conditionallyProvideAttribute)('Message Formattings', issue.messageFormattings, ((_g = issue.messageFormattings) === null || _g === void 0 ? void 0 : _g.length) !== 0),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Prioritized Rule', 'prioritizedRule' in issue && issue.prioritizedRule, 'prioritizedRule' in issue),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Project Name', issue.projectName, ((_h = issue.projectName) === null || _h === void 0 ? void 0 : _h.length) !== 0),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Quick Fix Available', 'quickFixAvailable' in issue &&
-                                                    issue.quickFixAvailable, 'quickFixAvailable' in issue &&
-                                                    issue.quickFixAvailable !== undefined),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Rule Description Context Key', 'ruleDescriptionContextKey' in issue &&
-                                                    issue.ruleDescriptionContextKey, 'ruleDescriptionContextKey' in issue &&
-                                                    ((_j = issue.ruleDescriptionContextKey) === null || _j === void 0 ? void 0 : _j.length) !== 0),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Tags', issue.tags, ((_k = issue.tags) === null || _k === void 0 ? void 0 : _k.length) !== 0),
-                                                ...(0, global_1.conditionallyProvideAttribute)('Transitions', issue.transitions, ((_l = issue.transitions) === null || _l === void 0 ? void 0 : _l.length) !== 0)
-                                            }, null, 2);
-                                        }
-                                    }
+                            nist: { transformer: parseNistTags },
+                            cweid: { transformer: parseCweTags },
+                            owasp: { transformer: parseOwaspTags },
+                            createdAt: { path: 'ruleInformation.rule.createdAt' },
+                            debtRemFnType: { path: 'ruleInformation.rule.debtRemFnType' },
+                            defaultDebtRemFnType: {
+                                path: 'ruleInformation.rule.defaultDebtRemFnType'
+                            },
+                            isExternal: { path: 'ruleInformation.rule.isExternal' },
+                            isTemplate: { path: 'ruleInformation.rule.isTemplate' },
+                            langName: { path: 'ruleInformation.rule.langName' },
+                            remFnBaseEffort: { path: 'ruleInformation.rule.remFnBaseEffort' },
+                            remFnOverloaded: { path: 'ruleInformation.rule.remFnOverloaded' },
+                            remFnType: { path: 'ruleInformation.rule.remFnType' },
+                            repo: { path: 'ruleInformation.rule.repo' },
+                            scope: { path: 'ruleInformation.rule.scope' },
+                            ruleSeverity: { path: 'ruleInformation.rule.severity' },
+                            status: { path: 'ruleInformation.rule.status' },
+                            transformer: (issue) => ({
+                                ...(0, global_1.conditionallyProvideAttribute)('Actives', issue.ruleInformation.actives, issue.ruleInformation.actives.length !== 0),
+                                ...(0, global_1.conditionallyProvideAttribute)('Clean Code Attribute', issue.ruleInformation.rule.cleanCodeAttribute, issue.ruleInformation.rule.cleanCodeAttribute?.length !== 0),
+                                ...(0, global_1.conditionallyProvideAttribute)('Clean Code Attribute Category', issue.ruleInformation.rule.cleanCodeAttributeCategory, issue.ruleInformation.rule.cleanCodeAttributeCategory
+                                    ?.length !== 0),
+                                ...(0, global_1.conditionallyProvideAttribute)('Debt Overloaded', 'debtOverloaded' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.debtOverloaded, 'debtOverloaded' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.debtOverloaded !== undefined),
+                                ...(0, global_1.conditionallyProvideAttribute)('Debt Rem Fn Coeff', 'debtRemFnCoeff' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.debtRemFnCoeff, 'debtRemFnCoeff' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.debtRemFnCoeff !== undefined),
+                                ...(0, global_1.conditionallyProvideAttribute)('Debt Rem Fn Offset', 'debtRemFnOffset' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.debtRemFnOffset, 'debtRemFnOffset' in issue.ruleInformation.rule),
+                                ...(0, global_1.conditionallyProvideAttribute)('Default Debt Rem Fn Coeff', 'defaultDebtRemFnCoeff' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.defaultDebtRemFnCoeff, 'defaultDebtRemFnCoeff' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.defaultDebtRemFnCoeff !==
+                                        undefined),
+                                ...(0, global_1.conditionallyProvideAttribute)('Default Debt Rem Fn Offset', 'defaultDebtRemFnOffset' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.defaultDebtRemFnOffset, 'defaultDebtRemFnOffset' in issue.ruleInformation.rule),
+                                ...(0, global_1.conditionallyProvideAttribute)('Education Principles', 'educationPrinciples' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.educationPrinciples, 'educationPrinciples' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.educationPrinciples?.length !== 0),
+                                ...(0, global_1.conditionallyProvideAttribute)('Effort To Fix Description', 'effortToFixDescription' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.effortToFixDescription, 'effortToFixDescription' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.effortToFixDescription !==
+                                        undefined),
+                                ...(0, global_1.conditionallyProvideAttribute)('Impacts', issue.ruleInformation.rule.impacts, issue.ruleInformation.rule.impacts?.length !== 0),
+                                ...(0, global_1.conditionallyProvideAttribute)('Issue Type Vulnerability', true, issue.type === 'VULNERABILITY'),
+                                ...(0, global_1.conditionallyProvideAttribute)('Issue Type Bug', true, issue.type === 'BUG'),
+                                ...(0, global_1.conditionallyProvideAttribute)('Issue Type Code Smell', true, issue.type === 'CODE_SMELL'),
+                                ...(0, global_1.conditionallyProvideAttribute)('Params', issue.ruleInformation.rule.params, issue.ruleInformation.rule.params?.length !== 0),
+                                ...(0, global_1.conditionallyProvideAttribute)('Security Standards', issue.ruleInformation.rule.securityStandards, issue.ruleInformation.rule.securityStandards?.length !== 0),
+                                ...(0, global_1.conditionallyProvideAttribute)('Sys Tags', issue.ruleInformation.rule.sysTags, issue.ruleInformation.rule.sysTags?.length !== 0),
+                                ...(0, global_1.conditionallyProvideAttribute)('Tags', issue.ruleInformation.rule.tags, issue.ruleInformation.rule.tags?.length !== 0),
+                                ...(0, global_1.conditionallyProvideAttribute)('Updated At', 'updatedAt' in issue.ruleInformation.rule &&
+                                    issue.ruleInformation.rule.updatedAt, 'updatedAt' in issue.ruleInformation.rule)
+                            })
+                        },
+                        results: [
+                            {
+                                status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
+                                code_desc: { path: 'codeSnippet' },
+                                start_time: { path: 'creationDate' },
+                                message: {
+                                    transformer: (issue) => JSON.stringify({
+                                        // Explanation of the violation
+                                        Message: issue.message,
+                                        // Useful information
+                                        Author: issue.author,
+                                        'Creation Date': issue.creationDate,
+                                        Debt: issue.debt,
+                                        Effort: issue.effort,
+                                        ...(0, global_1.conditionallyProvideAttribute)('Issue Status', issue.issueStatus, issue.issueStatus?.length !== 0),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Resolution', issue.resolution, issue.resolution?.length !== 0),
+                                        Status: issue.status,
+                                        'Update Date': issue.updateDate,
+                                        // all the rest
+                                        ...(0, global_1.conditionallyProvideAttribute)('Actions', issue.actions, issue.actions?.length !== 0),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Attr', issue.attr, issue.attr !== undefined),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Code Variants', 'codeVariants' in issue && issue.codeVariants, 'codeVariants' in issue &&
+                                            issue.codeVariants?.length !== 0),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Comments', issue.comments, issue.comments?.length !== 0),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Flows', issue.flows, issue.flows?.length !== 0),
+                                        ...(0, global_1.conditionallyProvideAttribute)('From Hotspot', 'fromHotspot' in issue && issue.fromHotspot, 'fromHotspot' in issue &&
+                                            issue.fromHotspot !== undefined &&
+                                            issue.fromHotspot !== null),
+                                        Hash: issue.hash,
+                                        Key: issue.key,
+                                        ...(0, global_1.conditionallyProvideAttribute)('Message Formattings', issue.messageFormattings, issue.messageFormattings?.length !== 0),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Prioritized Rule', 'prioritizedRule' in issue && issue.prioritizedRule, 'prioritizedRule' in issue),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Project Name', issue.projectName, issue.projectName?.length !== 0),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Quick Fix Available', 'quickFixAvailable' in issue &&
+                                            issue.quickFixAvailable, 'quickFixAvailable' in issue &&
+                                            issue.quickFixAvailable !== undefined),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Rule Description Context Key', 'ruleDescriptionContextKey' in issue &&
+                                            issue.ruleDescriptionContextKey, 'ruleDescriptionContextKey' in issue &&
+                                            issue.ruleDescriptionContextKey?.length !== 0),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Tags', issue.tags, issue.tags?.length !== 0),
+                                        ...(0, global_1.conditionallyProvideAttribute)('Transitions', issue.transitions, issue.transitions?.length !== 0)
+                                    }, null, 2)
                                 }
-                            ],
-                            transformer: () => ({
-                                descriptions: {
-                                    transformer: (issue) => {
-                                        const rule = issue.ruleInformation.rule;
-                                        if (rule.descriptionSections &&
-                                            rule.descriptionSections.length > 0) {
-                                            const def = rule.descriptionSections.find((d) => d.key === 'default');
-                                            const introduction = rule.descriptionSections.find((d) => d.key === 'introduction');
-                                            const rootcause = rule.descriptionSections.find((d) => d.key === 'root_cause');
-                                            const check = rule.descriptionSections.find((d) => d.key === 'assess_the_problem');
-                                            const fix = rule.descriptionSections.find((d) => d.key === 'how_to_fix');
-                                            const remainder = rule.descriptionSections.filter((d) => ![
-                                                'default',
-                                                'introduction',
-                                                'root_cause',
-                                                'assess_the_problem',
-                                                'how_to_fix'
-                                            ].includes(d.key));
-                                            const sections = [
-                                                def,
-                                                def ? introduction : undefined,
-                                                def ? rootcause : undefined,
-                                                check,
-                                                fix,
-                                                ...remainder
-                                            ]
-                                                .filter((s) => s !== undefined)
-                                                .map((s) => ({
-                                                data: s.content,
-                                                label: s.key === 'assess_the_problem'
-                                                    ? 'check'
-                                                    : s.key === 'how_to_fix'
-                                                        ? 'fix'
-                                                        : s.key
-                                            }));
-                                            if (sections) {
-                                                return sections;
-                                            }
+                            }
+                        ],
+                        transformer: () => ({
+                            descriptions: {
+                                transformer: (issue) => {
+                                    const rule = issue.ruleInformation.rule;
+                                    if (rule.descriptionSections &&
+                                        rule.descriptionSections.length > 0) {
+                                        const def = rule.descriptionSections.find((d) => d.key === 'default');
+                                        const introduction = rule.descriptionSections.find((d) => d.key === 'introduction');
+                                        const rootcause = rule.descriptionSections.find((d) => d.key === 'root_cause');
+                                        const check = rule.descriptionSections.find((d) => d.key === 'assess_the_problem');
+                                        const fix = rule.descriptionSections.find((d) => d.key === 'how_to_fix');
+                                        const remainder = rule.descriptionSections.filter((d) => ![
+                                            'default',
+                                            'introduction',
+                                            'root_cause',
+                                            'assess_the_problem',
+                                            'how_to_fix'
+                                        ].includes(d.key));
+                                        const sections = [
+                                            def,
+                                            def ? introduction : undefined,
+                                            def ? rootcause : undefined,
+                                            check,
+                                            fix,
+                                            ...remainder
+                                        ]
+                                            .filter((s) => s !== undefined)
+                                            .map((s) => ({
+                                            data: s.content,
+                                            label: s.key === 'assess_the_problem'
+                                                ? 'check'
+                                                : s.key === 'how_to_fix'
+                                                    ? 'fix'
+                                                    : s.key
+                                        }));
+                                        if (sections) {
+                                            return sections;
                                         }
-                                        return null;
                                     }
+                                    return null;
                                 }
-                            })
+                            }
+                        })
+                    }
+                ],
+                sha256: ''
+            }
+        ],
+        passthrough: {
+            transformer: (data) => {
+                return {
+                    auxiliary_data: [
+                        {
+                            name: 'SonarQube',
+                            data: {
+                                ..._.omit(data, 'search.issues')
+                            }
                         }
                     ],
-                    sha256: ''
-                }
-            ],
-            passthrough: {
-                transformer: (data) => {
-                    return {
-                        auxiliary_data: [
-                            {
-                                name: 'SonarQube',
-                                data: {
-                                    ..._.omit(data, 'search.issues')
-                                }
-                            }
-                        ],
-                        ...(0, global_1.conditionallyProvideAttribute)('raw', data, this.withRaw)
-                    };
-                }
+                    ...(0, global_1.conditionallyProvideAttribute)('raw', data, this.withRaw)
+                };
             }
-        };
+        }
+    };
+    constructor(data, withRaw = false) {
+        super(data);
+        this.data = data;
         this.withRaw = withRaw;
     }
 }
 exports.SonarqubeMapper = SonarqubeMapper;
+// Sonarqube used to require using the user token as the username and supplying no password, but added the bearer token method as an option in 10.x.  The bearer token method became the only allowed version in 25.x.
 var AuthenticationMethod;
 (function (AuthenticationMethod) {
     AuthenticationMethod[AuthenticationMethod["TokenAsUsername"] = 0] = "TokenAsUsername";
     AuthenticationMethod[AuthenticationMethod["BearerToken"] = 1] = "BearerToken";
 })(AuthenticationMethod || (AuthenticationMethod = {}));
 class SonarqubeResults {
-    constructor(sonarqubeHost, projectKey, userToken, branchName, pullRequestID, organization, withRaw = false) {
+    sonarqubeHost;
+    projectKey;
+    userToken;
+    branchName;
+    pullRequestID;
+    organization;
+    withRaw;
+    excludeIssueStatuses;
+    authMethod;
+    axiosClient;
+    constructor(sonarqubeHost, projectKey, userToken, branchName, // if branch/pr are not specified, then sonarqube uses the default branch
+    pullRequestID, organization, // sometimes the organization parameter is required for the api/rules/show endpoint - we try to grab it from the issue, but this is here to ensure a fallback if necessary
+    withRaw = false, excludeIssueStatuses // user-supplied comma-separated list of additional issue statuses to EXCLUDE from results
+    ) {
         this.sonarqubeHost = sonarqubeHost;
         this.projectKey = projectKey;
         this.userToken = userToken;
@@ -390,12 +430,29 @@ class SonarqubeResults {
         this.pullRequestID = pullRequestID;
         this.organization = organization;
         this.withRaw = withRaw;
+        this.excludeIssueStatuses = excludeIssueStatuses;
+        this.axiosClient = axios_1.default.create();
+        const MAX_RETRIES = 5;
+        this.axiosClient.defaults.raxConfig = {
+            retry: MAX_RETRIES,
+            onError: async (e) => {
+                const cfg = rax.getConfig(e);
+                if (cfg?.currentRetryAttempt !== null &&
+                    cfg?.currentRetryAttempt !== undefined) {
+                    logger.debug(`Error occurred: retry attempt #${cfg?.currentRetryAttempt}/${MAX_RETRIES} will happen after backoff`);
+                }
+                else {
+                    this.logAxiosError(e);
+                }
+            }
+        };
+        rax.attach(this.axiosClient);
     }
     logAxiosError(e) {
         if (e.response) {
             logger.debug('response');
             logger.debug(e.response.status);
-            logger.debug(e.response.data);
+            logger.debug((0, util_1.inspect)(e.response.data, { depth: 3 }));
         }
         if (e.request) {
             logger.debug('request');
@@ -406,19 +463,121 @@ class SonarqubeResults {
             logger.debug('Error', e.message);
         }
     }
-    async getSearchResults() {
-        let paging = true;
-        let page = 1;
-        const results = {
-            components: [],
-            effortTotal: 0,
-            facets: [],
-            issues: [],
-            paging: { pageIndex: 0, pageSize: 0, total: 0 }
+    // Default statuses to exclude from results (deny-list approach)
+    // Pre-10.4 legacy: CLOSED issues are end-of-life (rule deleted/disabled or component removed)
+    // 10.4+: FALSE_POSITIVE (user says not real), FIXED (no longer in code, purged after 30 days)
+    static DEFAULT_DENY_LIST_LEGACY = ['CLOSED'];
+    static DEFAULT_DENY_LIST_MODERN = ['FALSE_POSITIVE', 'FIXED'];
+    async discoverIssueStatuses(sonarqubeVersion) {
+        const isLegacy = isBeforeSonarqubeVersion(sonarqubeVersion, '10.4.0');
+        const statusParamKey = isLegacy ? 'statuses' : 'issueStatuses';
+        // Step 1: Discover all valid statuses from the server via /api/webservices/list
+        let allStatuses;
+        try {
+            const response = await this.axiosClient.get(`${this.sonarqubeHost}/api/webservices/list`, {
+                ...(this.authMethod === AuthenticationMethod.TokenAsUsername && {
+                    auth: { username: this.userToken, password: '' }
+                }),
+                ...(this.authMethod === AuthenticationMethod.BearerToken && {
+                    headers: { Authorization: `Bearer ${this.userToken}` }
+                })
+            });
+            const issuesService = response.data.webServices?.find((ws) => ws.path === 'api/issues');
+            const searchAction = issuesService?.actions?.find((a) => a.key === 'search');
+            const statusParam = searchAction?.params?.find((p) => p.key === statusParamKey);
+            if (statusParam?.possibleValues?.length) {
+                allStatuses = statusParam.possibleValues.map((s) => s.toUpperCase());
+                logger.info(`Available issue statuses from server: ${allStatuses.join(',')}`);
+            }
+            else {
+                throw new Error(`Webservices list returned no possibleValues for ${statusParamKey}. ` +
+                    `Raw param data: ${JSON.stringify(statusParam)}`);
+            }
+        }
+        catch (e) {
+            // Step 2: Fallback to hardcoded full status list if discovery fails
+            allStatuses = isLegacy
+                ? ['OPEN', 'REOPENED', 'CONFIRMED', 'RESOLVED', 'CLOSED']
+                : [
+                    'OPEN',
+                    'CONFIRMED',
+                    'FALSE_POSITIVE',
+                    'ACCEPTED',
+                    'FIXED',
+                    'IN_SANDBOX'
+                ];
+            logger.warn(`Could not discover statuses from server, using fallback: ${allStatuses.join(',')}`);
+            logger.debug((0, util_1.inspect)(e, { depth: 3 }));
+        }
+        // Step 3: Determine which deny-list to use
+        const defaultDenyList = isLegacy
+            ? SonarqubeResults.DEFAULT_DENY_LIST_LEGACY
+            : SonarqubeResults.DEFAULT_DENY_LIST_MODERN;
+        let denySet;
+        if (this.excludeIssueStatuses) {
+            // User-supplied deny-list REPLACES the defaults entirely
+            const userExclusions = this.excludeIssueStatuses
+                .split(',')
+                .map((s) => s.trim().toUpperCase())
+                .filter((s) => s.length > 0);
+            denySet = new Set(userExclusions);
+            // Smart nag: compare user list against defaults
+            const defaultSet = new Set(defaultDenyList);
+            const sameAsDefault = defaultSet.symmetricDifference(denySet).size === 0;
+            if (sameAsDefault) {
+                logger.info(`Exclusion list matches the defaults (${[...defaultSet].join(',')}). ` +
+                    `You can omit --excludeIssueStatuses unless you want to be explicit.`);
+            }
+            else {
+                logger.warn(`Custom status exclusions applied: ${userExclusions.join(',')} ` +
+                    `(replaces defaults: ${defaultDenyList.join(',')}). ` +
+                    `If this exclusion should be a default, please consider filing an issue at ` +
+                    `https://github.com/mitre/heimdall2/issues`);
+            }
+        }
+        else {
+            // No user override — use defaults
+            denySet = new Set(defaultDenyList);
+            logger.info(`Using default status exclusions: ${defaultDenyList.join(',')}`);
+        }
+        // Step 4: Filter statuses and log the result
+        const excluded = allStatuses.filter((s) => denySet.has(s));
+        const result = allStatuses.filter((s) => !denySet.has(s));
+        if (result.length === 0) {
+            logger.warn(`All statuses were excluded by the deny-list. This will likely return no results. ` +
+                `Available: ${allStatuses.join(',')} | Excluded: ${excluded.join(',')}`);
+        }
+        logger.info(`Querying with issue statuses: ${result.join(',')} (excluded: ${excluded.join(',')})`);
+        return result.join(',');
+    }
+    async getSearchResults(sonarqubeVersion) {
+        const UPPER_LIMIT = 10000; // there is an upper limit of 10000 search results provided for any given search query (i.e. everything aside from the paging information): https://community.sonarsource.com/t/cannot-get-more-than-10000-results-through-web-api/3662
+        const discoveredStatuses = await this.discoverIssueStatuses(sonarqubeVersion);
+        const PAGE_SIZE = 100;
+        const createSearch = async (component, page, pageSize = PAGE_SIZE) => {
+            return this.axiosClient.get(`${this.sonarqubeHost}/api/issues/search`, {
+                ...(this.authMethod === AuthenticationMethod.TokenAsUsername && {
+                    auth: { username: this.userToken, password: '' }
+                }),
+                ...(this.authMethod === AuthenticationMethod.BearerToken && {
+                    headers: { Authorization: `Bearer ${this.userToken}` }
+                }),
+                params: {
+                    [isBeforeSonarqubeVersion(sonarqubeVersion, '10.2.0')
+                        ? 'componentKeys'
+                        : 'components']: component,
+                    ...(isBeforeSonarqubeVersion(sonarqubeVersion, '10.4.0')
+                        ? { statuses: discoveredStatuses }
+                        : { issueStatuses: discoveredStatuses }),
+                    p: page,
+                    ps: pageSize,
+                    ...(this.branchName && { branch: this.branchName }),
+                    ...(this.pullRequestID && { pullRequest: this.pullRequestID })
+                }
+            });
         };
-        while (paging) {
-            await axios_1.default
-                .get(`${this.sonarqubeHost}/api/issues/search`, {
+        const createComponentSearch = async (component, page, pageSize = PAGE_SIZE) => {
+            return this.axiosClient.get(`${this.sonarqubeHost}/api/components/tree`, {
                 ...(this.authMethod === AuthenticationMethod.TokenAsUsername && {
                     auth: { username: this.userToken, password: '' }
                 }),
@@ -426,29 +585,110 @@ class SonarqubeResults {
                     headers: { Authorization: `Bearer ${this.userToken}` }
                 }),
                 params: {
-                    componentKeys: this.projectKey,
-                    statuses: 'OPEN,REOPENED,CONFIRMED,RESOLVED',
+                    component: component,
+                    strategy: 'children',
                     p: page,
+                    ps: pageSize,
                     ...(this.branchName && { branch: this.branchName }),
                     ...(this.pullRequestID && { pullRequest: this.pullRequestID })
                 }
-            })
-                .then(({ data }) => {
-                _.mergeWith(results, data, (objValue, srcValue) => _.isArray(objValue) ? objValue.concat(srcValue) : undefined);
-                paging =
-                    data.paging.pageIndex * data.paging.pageSize <= data.paging.total;
-                page += 1;
-            })
-                .catch((e) => {
-                this.logAxiosError(e);
-                return Promise.reject(new Error('Failed at getting Sonarqube issue'));
             });
+        };
+        // intentionally doing the await in a loop so as to slow down requests a tad bit in order to avoid any rate limit issues
+        const collectPagedSearch = async (component, sizeCheck = false) => {
+            let paging = true;
+            let page = 1;
+            const results = {
+                components: [],
+                effortTotal: 0,
+                facets: [],
+                issues: [],
+                paging: { pageIndex: 0, pageSize: 0, total: 0 }
+            };
+            while (sizeCheck ? page === 1 : paging) {
+                console.log(results);
+                await createSearch(component, page)
+                    .then(({ data }) => {
+                    _.mergeWith(results, data, (objValue, srcValue) => _.isArray(objValue) ? objValue.concat(srcValue) : undefined);
+                    // only need to check if it exceeds the upper limit, if it's less than the upper limit and we request a page that goes past the page total then it just returns fewer results without throwing an error
+                    paging =
+                        data.paging.pageIndex * data.paging.pageSize <= data.paging.total;
+                    page += 1;
+                })
+                    .catch((e) => {
+                    this.logAxiosError(e);
+                    throw new Error('Failed at retrieving Sonarqube issues');
+                });
+                if (page * PAGE_SIZE > UPPER_LIMIT) {
+                    logger.warn(`Exceeded SonarQube cap of ${UPPER_LIMIT} results for findings of or under the ${component} component.  Remaining findings may be truncated.`);
+                    paging = false;
+                }
+            }
+            results.components = _.uniqBy(results.components, 'key'); // sometimes components will be duplicated if an issue on one page applies to the same component as an issue on another page.  additionally at minimum the top level project will show up in every search result
+            return results;
+        };
+        const collectPagedComponentSearch = async (component) => {
+            let paging = true;
+            let page = 1;
+            const results = {
+                paging: { pageIndex: 0, pageSize: 0, total: 0 },
+                baseComponent: {
+                    key: 'fake',
+                    description: 'fake',
+                    qualifier: 'fake',
+                    tags: [],
+                    visibility: 'false'
+                },
+                components: []
+            };
+            while (paging) {
+                await createComponentSearch(component, page)
+                    .then(({ data }) => {
+                    _.mergeWith(results, data, (objValue, srcValue) => _.isArray(objValue) ? objValue.concat(srcValue) : undefined);
+                    paging =
+                        data.paging.pageIndex * data.paging.pageSize <= data.paging.total;
+                    page += 1;
+                })
+                    .catch((e) => {
+                    this.logAxiosError(e);
+                    throw new Error('Failed at retrieving the list of components');
+                });
+                if (page * PAGE_SIZE > UPPER_LIMIT) {
+                    logger.warn(`Exceeded SonarQube cap of ${UPPER_LIMIT} results for the search for children of the ${component} component.  Remaining set of components may be truncated.`);
+                    paging = false;
+                }
+            }
+            return results;
+        };
+        const results = await collectPagedSearch(this.projectKey, true);
+        const queue = [this.projectKey];
+        while (queue.length > 0) {
+            const component = queue.shift();
+            if (component === undefined) {
+                // unreachable code since we check that there are items in the queue; however, it helps typescript narrow the type properly
+                continue;
+            }
+            const sizeCheck = await collectPagedSearch(component, true);
+            if (sizeCheck.paging.total > UPPER_LIMIT) {
+                const componentSearch = await collectPagedComponentSearch(component);
+                queue.push(...componentSearch.components.map((c) => c.key));
+            }
+            const componentResults = await collectPagedSearch(component);
+            _.mergeWith(results, componentResults, (objValue, srcValue) => _.isArray(objValue) ? objValue.concat(srcValue) : objValue);
+        }
+        results.components = _.uniqBy(results.components, 'key');
+        results.issues = _.uniqBy(results.issues, 'key');
+        if (results.paging.total === results.issues.length) {
+            logger.warn('Alternative search queries were able to retrieve all findings.');
+        }
+        else {
+            logger.warn(`Alternative search queries were not able to retrieve all findings - ${results.paging.total - results.issues.length} findings were not retrieved.`);
         }
         return results;
     }
     async getCodeSnippets(issues) {
         const getFullFile = async (component) => {
-            return axios_1.default
+            return this.axiosClient
                 .get(`${this.sonarqubeHost}/api/sources/raw`, {
                 ...(this.authMethod === AuthenticationMethod.TokenAsUsername && {
                     auth: { username: this.userToken, password: '' }
@@ -477,7 +717,7 @@ class SonarqubeResults {
             const linenumberedFile = applyLineNumber(fullFiles[component]);
             const snippet = linenumberedFile
                 .split('\n')
-                .slice(Math.max(startLine - 3, 0), endLine + 3)
+                .slice(Math.max(startLine - 3, 0), endLine + 3) // slice wraps around if the start is less than 0 so we want to put a bounds check there to ensure we start at the top of the file; however, if the end is past the end of the array then it just goes until the end of the array so no bounds check is required there
                 .join('\n')
                 .trim();
             const location = `${component}:${startLine}-${endLine}\n`;
@@ -489,15 +729,23 @@ class SonarqubeResults {
             : [issue.component]));
         const fullFilePromises = await Promise.all(components.map((component) => getFullFile(component)));
         const fullFiles = Object.fromEntries(_.zip(components, fullFilePromises));
-        const snippets = issues.map((issue) => issue.flows.length
-            ? issue.flows
-                .flatMap((flow) => flow.locations.map((location) => getContextualizedSnippet(fullFiles, location.component, location.textRange.startLine, location.textRange.endLine, location.msg)))
-                .join('\n')
-            : getContextualizedSnippet(fullFiles, issue.component, issue.textRange.startLine, issue.textRange.endLine));
+        const snippets = issues.map((issue) => {
+            if (issue.flows.length) {
+                return issue.flows
+                    .flatMap((flow) => flow.locations.map((location) => getContextualizedSnippet(fullFiles, location.component, location.textRange.startLine, location.textRange.endLine, location.msg)))
+                    .join('\n');
+            }
+            else if (issue.textRange) {
+                return getContextualizedSnippet(fullFiles, issue.component, issue.textRange.startLine, issue.textRange.endLine);
+            }
+            else {
+                return '';
+            }
+        });
         return snippets;
     }
     async getRules(issues) {
-        const getRule = async (rule, organization) => axios_1.default
+        const getRule = async (rule, organization) => this.axiosClient
             .get(`${this.sonarqubeHost}/api/rules/show`, {
             ...(this.authMethod === AuthenticationMethod.TokenAsUsername && {
                 auth: { username: this.userToken, password: '' }
@@ -509,7 +757,7 @@ class SonarqubeResults {
                 key: rule,
                 ...((organization || this.organization) && {
                     organization: organization || this.organization
-                })
+                }) // seems to be required for sonarcloud at least
             }
         })
             .then(({ data }) => data)
@@ -524,7 +772,7 @@ class SonarqubeResults {
         return rules;
     }
     async generateHdf(sonarqubeVersion) {
-        const searchResults = await this.getSearchResults();
+        const searchResults = await this.getSearchResults(sonarqubeVersion);
         logger.debug(`Got ${searchResults.issues.length} issues`);
         const codeSnippets = await this.getCodeSnippets(searchResults.issues);
         logger.debug(`Got ${codeSnippets.length} code snippets`);
@@ -549,7 +797,7 @@ class SonarqubeResults {
         return new SonarqubeMapper(data, this.withRaw).toHdf();
     }
     async toHdf() {
-        const sonarqubeVersion = await axios_1.default
+        const sonarqubeVersion = await this.axiosClient
             .get(`${this.sonarqubeHost}/api/server/version`)
             .then(({ data }) => data);
         logger.debug(`Generating HDF for ${this.sonarqubeHost} version: ${sonarqubeVersion}`);