SonarQube Integration
SonarQube is a popular self-hosted code inspection tool that organizations use to monitor code repositories and identify potential vulnerabilities.
How this integration helps
If a potential vulnerability exists in a code repository marked as production, SonarQube detects it and notifies you so that you can resolve it within the defined SLA.
Monitor: Vulnerability detected by SonarQube must be closed within the SLA.
Required action: Resolve the detected vulnerability from the source code before the monitor status moves to “Failing.”
Prerequisites for integrating
Log in to Sprinto as an administrator.
Ensure that you have “Admin” access on the SonarQube account you want to integrate.
How to integrate Sprinto with SonarQube
Take the following steps to get the Token key from the SonarQube account:
Go to your SonarQube self-hosted link and log in with your credentials, or with the available Single Sign-On (SSO) options.
Click on your avatar icon on the top right side.
Select the Security tab, fill in the following details, and click Generate to generate a new token for Sprinto.
Note: Fill in the token details exactly as listed below. Failure to do so may result in issues with the integration.
Name: Sprinto
Type: User token
Expires in: No expiration
Copy the token key and save it securely. You’ll need this token key on Sprinto to set up integration.
In the Sprinto app, go to Security Hub > Settings > Available integrations and click Connect next to SonarQube.
On the Integrations page, select the acknowledgement checkbox and click Connect to SonarQube.
On the Connect SonarQube account page, fill in the following details and click Connect SonarQube:
API Token: Enter the API token you copied earlier from the SonarQube portal.
SonarQube URL: Use your self-hosted SonarQube login link.
Go to Security Hub > Vulnerabilities and click on Add monitoring source.
On the Add vulnerability monitoring source page, click Choose next to SonarQube.
If required, click Manage and select the projects you want to monitor from your SonarQube account, then click Select Project.
Note: By default, Sprinto selects all projects from the SonarQube account for monitoring.
Click Add SonarQube to complete the integration process.
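Before connecting, it is worth checking from the command line that the token you generated actually authenticates and that the monitor logic above (open vulnerability older than the SLA means Failing) behaves as expected. The following is an added example, not Sprinto's or SonarQube's own code; the SonarQube URL, token, project key, SLA length and the sample issue list are all constructed placeholders, and the SLA check is run here against embedded sample data so it works offline.

```python
"""Validate a SonarQube user token and flag open vulnerabilities past an SLA.
Added example; URL, token, project key, SLA and sample issues are constructed."""
import base64
import json
import urllib.request
from datetime import datetime, timedelta, timezone

def _get(base_url: str, token: str, path: str) -> dict:
    # SonarQube accepts the token as the Basic-auth username with an empty password.
    creds = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(f"{base_url.rstrip('/')}{path}",
                                 headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

def token_is_valid(base_url: str, token: str) -> bool:
    # /api/authentication/validate answers {"valid": true|false} for the caller's credentials.
    return bool(_get(base_url, token, "/api/authentication/validate").get("valid"))

def fetch_open_vulnerabilities(base_url: str, token: str, project_key: str) -> list:
    # Unresolved issues of type VULNERABILITY for one project (first page only, 500 max).
    path = (f"/api/issues/search?componentKeys={project_key}"
            "&types=VULNERABILITY&resolved=false&ps=500")
    return _get(base_url, token, path)["issues"]

def sla_breaches(issues: list, sla_days: int, now: datetime) -> list:
    """Return keys of open vulnerabilities created more than sla_days ago."""
    deadline = now - timedelta(days=sla_days)
    breached = []
    for issue in issues:
        # creationDate looks like "2024-01-01T09:00:00+0000"; %z parses the offset.
        created = datetime.strptime(issue["creationDate"], "%Y-%m-%dT%H:%M:%S%z")
        if created < deadline:
            breached.append(issue["key"])
    return breached

# Constructed sample of the "issues" array (not a real server response).
SAMPLE_ISSUES = [
    {"key": "AX-old", "type": "VULNERABILITY", "severity": "CRITICAL",
     "creationDate": "2024-01-01T09:00:00+0000", "message": "constructed sample"},
    {"key": "AX-new", "type": "VULNERABILITY", "severity": "MAJOR",
     "creationDate": "2024-03-10T09:00:00+0000", "message": "constructed sample"},
]
SAMPLE_NOW = datetime(2024, 3, 15, tzinfo=timezone.utc)  # constructed "current" time

if __name__ == "__main__":
    # With a 30-day SLA only the January issue is overdue and would fail the monitor.
    print(sla_breaches(SAMPLE_ISSUES, 30, SAMPLE_NOW))  # ['AX-old']
```

To run it against a live server, call `token_is_valid("https://sonar.example.internal", "<token>")` and pass the result of `fetch_open_vulnerabilities` into `sla_breaches` with your real SLA.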