SonarQube Enterprise Edition configuration
sonarqube is the leading tool for continuously inspecting the code quality and security of codebases and guiding development teams during code reviews for devops intelligence to pull data from sonarqube, you must configure a sonarqube account the setup for devops integration with sonarqube, requires several procedures, most of which are in devops intelligence, but the initial procedure requires access to the sonarqube console prerequisites the following items are prerequisite to configuration sonarqube account the administrator should have an active sonarqube account on the instance for which the connection is intended access to a sonarqube instance ensure that you have access to the specific sonarqube instance where the projects, test suites and test cases are hosted use the url or web address of the sonarqube instance user want to connect to project membership users must be part of the sonarqube projects you intend to access ensure that users have the necessary project membership to retrieve information about projects, test suites and test cases access policy as platform administrator and devops intelligence administrator ensure that the user has the necessary access policies the user should have the platform administrator role to create and manage connections effectively users must also have the devops intelligence administrator role, which allows them to create and manage configurations review and execute the content in the following sections in the order they are presented integration of sonarqube with devops intelligence the process for onboarding sonarqube comprises the following steps, each of which is a multistep procedure create a personal access token create a connection configure the application onboard the sonarqube technical service creating a sonarqube access token use the following procedure to create a sonarqube access token navigate to the top right corner of the sonarqube homepage click on your profile picture and select my account go to the security tab provide the token name click on generate creating a connection establishing a devops intelligence connection to sonarqube is prerequisite to configuring the service use the following procedure click on app manager → iam → connections → add new → add connection choose platform from the connection type dropdown list select sonarqube provide a local account name for reference add the host sonarqube api url of the sonarqube host (e g ,https //sonarqube kyndryl net/) use the sonarqube token you created in the previous section (create a sonarqube token) if you are using a proxy adapter, provide the proxyid uuid a proxy adapter is necessary when you want to access a service or system with a different interface than your application expects when archive is enabled, the connection is archived for future use configuring devops intelligence for sonarqube for secure phase, recent customers this procedure is valid only for customers onboarded 6 june, 2024 or after procedures for legacy customers are provided in the subsequent configure devops intelligence for sonarqube, legacy customers navigate to devops intelligence → settings & utilities → application configurations select an existing application or create a new application navigate to add tools step select the phase as secure sonarqube is compatible in test and secure phases click add tool configuration select secure categories static scan select sonarqube for tool engine complete the required information, categorized by the three tabs release the tool configuration inherits the release prefix and variable from the application to override these values at the tool level, click the edit button and make the necessary changes changing the values here will not affect the release prefix and variable set in the application data will be pulled only if releasename can be extracted from branchname, making releasename identical to branchname data will also be pulled for branches with the main parameter is set to true, apart from the identified release branches prefix signifies the starting sequence of characters for releases, with the default value being empty variable signifies the starting sequence of characters for releases, with the default value being empty devops intelligence use the release id to identify release names and the release branches severity devops intelligence considers severity category to be captured into five levels map your applications bug severity with predefined severity levels (blocker, critical, major, minor, info) state map your bug status to two states resolved or unresolved select all the bugs for which status is resolved, all those for which bug statuses which is unresolved click add configuration configuring devops intelligence for sonarqube for test phase this procedure is valid only for customers onboarded 6 june, 2024 or after procedures for legacy customers are provided in the subsequent configure devops intelligence for sonarqube, legacy customers navigate to devops intelligence → settings & utilities → application configurations select an existing application or create a new application navigate to add tools step select the phase as testsecure note sonarqube is compatible in test and secure phases press add tool configuration select sonarqube for tool engine complete the required information categorized into two tabs, release and test analysis parameter see the previous usage notes for release title construction provide the environement name to be used for analysis in test analysis click add configuration onboarding the technical service having configured devops intelligence to pull data from sonarqube, you must now onboard it as a technical service take in consideration the following caveats sonarqube can be configured only at the project level multiple metrics can be selected against projects metrics is merely way to restrict which data is available to users for a given project sonarqube syncs only data available with connections configured against it at the project level, technical services are always configured as mutually exclusive – i if two users having the same privileges attempt to onboard technical services for the same project, only the first user is allowed to create the technical service; it will not be listed for the second user to onboard to onboard technical services navigate to devops intelligence → settings & utilities → application configurations click on overflow menu for the chosen application and click onboard technical service select the phase for which you want to configure sonarqube select secure category select the tool engine as sonarqube connection select the connection name from the drop down deleting the sonarqube technical service the administrator may, at will, delete the sonarqube technical service use the following procedure navigate to devops intelligence → settings & utilities → application configurations expand the application to see all the associated phases click the overflow menu associated with the phase ( test or secure ) click delete technical service in the case of secure phase, you must also select the secure category as static scan select the tool engine as sonarqube select the project click delete technical service reviewing test suite data in devops intelligence after devops intelligence has been fully configured, devops intelligence displays all test suites being tracked by sonarqube in the table view at the bottom of the test page the view provides general information about each test suite such as status (how many tests were skipped, passed, failed, and blocked), total number of tests in the suite, and the execution date detailed information about each suite are available by clicking the overflow menu for that test suite and selecting view details devops intelligence responds by navigating to the details page for that suite, where additional information regarding activity and history is available the activity tab presents a graphic presentation of the tabular data on the table the historical details tab presents additional details such as code smells and bugs on both tabs you have the option of selecting a time frame for testing from the duration control located in the upper right configuring devops intelligence for sonarqube, legacy customers this procedure is valid only for customers onboarded before 6 june 2024 use the following procedure to configure devops intelligence for sonarqube navigate to devops intelligence → settings & utilities → tools configuration → add configuration select sonarqube as the tool engine under connection , select the appropriate connection name select the project and metrics you want to track in devops intelligence specific metrics are optional; devops intelligence will track all default metrics please take notice of the following service configuration caveats configurations can only be configured at the project level multiple metrics can be selected against projects selected metrics restrict data to that required for a given project devops intelligence only syncs the data available from the selected connection configured against it at the project level, service configurations are always configured as mutually exclusive that is, if two users having the same privileges attempt to create service configuration for the same project, only the first user is allowed to create the service configuration this is because after the first user has completed the configuration process, the project is already configured the project will not be listed for the second user to configure