SonarCloud

SonarCloud is the cloud based static analysis tool. SonarCloud offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security recommendations.

Integration Method: API

Tables: Detection Finding

Integration Capabilities 

DataBee integrates with SonarCloud to get code issue information. DataBee integrates by connecting to an API endpoint which retrieves a list of issues details.  This integration has been tested against the SonarCloud API’s.

SonarCloud Configuration

To use the SonarCloud API’s, we need a bearer token for authentication. The keys needs to be saved for use in the DataBee console.

• Open your SonarCloud console and log in using your credentials.

• Click on your username in the top-right corner and select My Account from the dropdown menu.

• In your account settings, find the Security tab.

• Under the Security tab, you will find a section to generate new tokens.

• Enter a descriptive name for your token (e.g., "API Access").

• Click the Generate button.

• Once generated, the token will be displayed only once. Make sure to copy and save it in a secure location.

DataBee Configuration

Use the saved secrets and keys to configure DataBee. Detailed setup documentation can be found at https://docs.databee.buzz/docs/api-ingest

1. Log on to the DataBee console

2. Go to the Data tab and click the Add New Data Source

3. Search for SonarQube and click on the API Ingest button.

4. In the first dialog, enter the contact information, and click Next

5. In the configuration dialog box, enter the following information

   • Authorization Method: Bearer Token

   • Token: Enter the token generated in the previous step

   • API endpoints: Enter the following URLs if the boxes are not prepopulated.

https://sonarqube.com/api/organizations/search

https://sonarqube.com/api/projects/search?organization=<key>

https://sonarqube.com/api/issues/search?projects=<key>