SonarQube Cloud Integration
Integrate with SonarQube Cloud to check for vulnerabilities for your services in OpsLevel.
Our SonarQube Cloud integration automatically syncs data from SonarQube Cloud into your catalog. This integration powers Code Issue checks and populates Code Issues and Code Issue Projects on your Repositories and Services.
Add a SonarQube Cloud Integration
- In the OpsLevel app, Click Integrations in the left sidebar.
- Click on the + New Integration button.
- Click the SonarQube Cloud tile to add the integration.
- To set up this API-based integration, you need:
- A User Account with 'Administer System' permission
- A User Token associated with that User Account
- See the SonarQube Cloud docs for more information
- The Organization Key of the SonarQube Cloud organization that you want to pair with
- Your can find your organization key by going to My Account > Organizations, clicking your organization's name, and then looking for the Key: value at the top right of the organization's page.
Associating Code Issues with OpsLevel Services
In SonarQube Cloud, Code Issues are associated with/belong to Projects or "Code Issue Projects". OpsLevel utilizes "Service Suggestions" to provide you the opportunity to link your "Code Issue Projects" to new or existing Services.
During each data sync with SonarQube Cloud, OpsLevel will pull and store each of your SonarQube Cloud Projects. When any new Projects are imported, "Service Suggestions" are created which will allow you to attach your Projects (and thus your Code Issues for that Project) to a particular Service.
- If a Service exists with the same name as your SonarQube Cloud Project, a "Service Suggestion" will be created which encourages you to link the "Code Issue Project" with the existing Service.
- If a Service with the same name does not exist, a "Service Suggestion" will be created which encourages you to create a new service and to link it to the "Code Issue Project".
"Service Suggestions" can be found under "Catalog" > "Detected "Services" in your OpsLevel dashboard.
Create a Code Issues check
With the SonarQube Cloud integration, OpsLevel stores all code issues detected by SonarQube Cloud, such as vulnerabilities and config issues, in your catalog. You can run checks against your code issues using a Code Issue Check.
If you're checking for a specific CVE or CWE you can search for an exact match on the issue identifier.
For all code issue checks, you can set a resolution timeframe, and a maximum allowable number of code issues. Your check will begin to fail if the time between a code issue being detected and the code issue being fixed exceeds that timeframe for more than the maximum allowable number of issues.
To learn more about SonarQube Cloud, check out their getting started guide.
Updated about 1 month ago