SonarQube

Connect SonarQube to bring its results into BestDefense. Once connected and mapped, SonarQube findings power the Code Quality product, so you can review code-quality issues alongside the rest of your security posture.

Note

The SonarQube integration generally requires a Growth tier or higher. Check the current requirement and pricing in the app.

Connect SonarQube

1. Go to Integrations and open the SonarQube card.
2. Enter your SonarQube URL and an API token. (SonarQube connects with a token — there’s no OAuth flow.)
3. Save the connection. The card shows Connected.

The token needs read access to the projects you plan to map. Use a token scoped to those projects.

Caution

If you change the SonarQube URL, you’ll need to reconnect the integration.

Map projects to repositories

Connecting grants access; mapping tells BestDefense which results belong where. After connecting, map your SonarQube projects to your repositories so code-quality issues line up with the right codebase.

Next steps

• Review your results: Code Quality.
• File code-quality issues into your tracker: Jira.