SonarCloud Integration
SonarCloud is a cloud-based platform tailored for continuous code quality inspection and code analysis. It serves as a comprehensive tool for developers and teams to assess and enhance the quality, security, and maintainability of their codebases.
How does this integration help Sprinto
This integration assists Sprinto in retrieving detected vulnerabilities from your SonarCloud account. According to data security compliance standards, all identified vulnerabilities must be resolved within the defined Service Level Agreement (SLA). Once a vulnerability is resolved and its status updated in SonarCloud, Sprinto detects the changes and updates the Sprinto check status to 'passing' for the resolved vulnerability.
Sprinto checks for SonarCloud
The following Sprinto checks are available for SonarCloud:
SonarCloud vulnerability alert should be resolved within SLA
A vulnerability currently exists in the 'Open' status on your integrated SonarCloud account. Please address the vulnerability from its source and close it on your SonarCloud account.
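To see which findings would fall outside an SLA before Sprinto syncs them, the following added example (not Sprinto's own logic or code) evaluates vulnerability records shaped like a SonarCloud api/issues/search response. The SLA windows per severity and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumed SLA windows (days) per SonarCloud severity; replace with your policy.
SLA_DAYS = {"BLOCKER": 7, "CRITICAL": 15, "MAJOR": 30, "MINOR": 90, "INFO": 180}
# Statuses that still count as unresolved.
UNRESOLVED = {"OPEN", "CONFIRMED", "REOPENED"}

# Constructed sample shaped like an api/issues/search result (types=VULNERABILITY).
SAMPLE = json.loads("""
{"issues": [
 {"key": "AX-1", "project": "demo_app", "severity": "CRITICAL",
  "status": "OPEN", "creationDate": "2024-01-02T10:00:00+0000"},
 {"key": "AX-2", "project": "demo_app", "severity": "MAJOR",
  "status": "OPEN", "creationDate": "2024-01-20T08:30:00+0000"},
 {"key": "AX-3", "project": "demo_api", "severity": "BLOCKER",
  "status": "RESOLVED", "creationDate": "2023-11-01T09:00:00+0000"},
 {"key": "AX-4", "project": "demo_api", "severity": "MINOR",
  "status": "REOPENED", "creationDate": "2023-10-01T00:00:00+0000"}
]}
""")

def parse_ts(value):
    # Timestamps in the sample use the form 2024-01-02T10:00:00+0000.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")

def sla_breaches(issues, now):
    """Return unresolved vulnerabilities past their SLA, most overdue first."""
    breaches = []
    for issue in issues:
        if issue.get("status") not in UNRESOLVED:
            continue  # resolved or closed findings no longer count
        # Unknown severity falls back to the strictest window.
        days = SLA_DAYS.get(issue.get("severity"), min(SLA_DAYS.values()))
        due = parse_ts(issue["creationDate"]) + timedelta(days=days)
        if now > due:
            breaches.append({"key": issue["key"], "project": issue["project"],
                             "severity": issue["severity"],
                             "overdue_days": (now - due).days})
    return sorted(breaches, key=lambda b: b["overdue_days"], reverse=True)

if __name__ == "__main__":
    fixed_now = datetime(2024, 2, 1, tzinfo=timezone.utc)  # fixed for repeatability
    for b in sla_breaches(SAMPLE["issues"], fixed_now):
        print(f'{b["project"]} {b["key"]} {b["severity"]} overdue {b["overdue_days"]}d')
```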
Before you begin
Log in to Sprinto as an administrator.
Ensure you have “Admin” access on the SonarCloud account you want to integrate.
Ensure your SonarCloud account is on the Enterprise subscription plan to build this integration.
Integrate Sprinto with SonarCloud
Get the API key from your SonarCloud account.
Log in to your SonarCloud account using your credentials or the available Single Sign-On (SSO) option.
Click on the profile icon at the top and select My Account.
Select the Security tab, enter a token name, and click Generate token.
Copy the API key and save it securely. You will need this key to build the integration on Sprinto.
Select the Organizations tab, and copy the organization key highlighted next to the organization.
Integrate SonarCloud on Sprinto.
Go to Security Hub > Settings > Integrations > Available, and click Connect next to SonarCloud.
Read the on-screen instructions, and click Next.
On the Integrations page, enter the API key and organization key that you copied in step 1, and click Connect.
Add SonarCloud as a vulnerability scanner tool on Sprinto.
Go to Security Hub > Vulnerabilities > Overview, and click + Add monitoring source.
Click Choose next to SonarCloud.
Click Add SonarCloud to complete the process. If required, you can click Manage to modify the selected projects. By default, all projects created on SonarCloud are selected.
Final step
After completing Step 3, allow 15 to 20 minutes for Sprinto to finish the data syncing process. Sprinto may take a few hours to evaluate the synced data and activate relevant Sprinto checks. If needed, go to Security Hub > People and click SonarCloud to review the pending Sprinto checks.
If you need any assistance with the integration, get in touch with Sprinto support.