Code Quality
Code Quality brings your SonarQube static-analysis results into BestDefense, so you can review bugs, code smells, and security hotspots in the same place you review security findings. Once SonarQube is connected, a Code Quality dashboard lists those issues and lets you act on them.
Connecting SonarQube
Set up the connection on the Integrations page:
- Connect SonarQube by entering your SonarQube URL and an API token. There’s no OAuth flow — the token is how BestDefense reads your analysis results.
- Map your SonarQube projects to your repositories so each issue lines up with the right repo.
See SonarQube for the full integration walkthrough.
Repository mapping
A mapping connects a SonarQube project to one of your repositories. This is what lets BestDefense show each code-quality issue against the right repo and keep results organized as you scale to more projects.
Using the dashboard
The Code Quality dashboard lists your SonarQube issues. From there you can:
- Filter by issue type, severity, or repository.
- Open an issue to see its details; the issue links out to SonarQube for the full context.
- Resolve issues individually or in bulk once they’re addressed.
- Create a Jira ticket from an issue if Jira is connected, so the work lands in your existing tracker.
Keeping results fresh
Results sync from SonarQube on a periodic schedule. You can also trigger a sync manually whenever you want the dashboard to reflect your latest analysis right away.