announcement
product
Introducing the new SonarQube source plugin
Code quality insights with SonarQube and CloudQuery #
In this blog post, we'll guide you through the setup process and showcase how CloudQuery can transform raw SonarQube data into actionable insights. Get ready to dive deep into your organization’s projects code quality, identify potential risks, and make informed decisions that will save you time, money, and headaches down the line.
New SonarQube Source Plugin #
The new plugin can get a lot of information from your SonarQube instances - ALM integrations, tasks, users, groups, projects, rules, hotspots, issues, and much more. You can gain insights into your data and go through it in any manner you prefer.
Setting Up #
Here’s a step-by-step guide on how to configure the SonarQube Source Plugin and use the data collected from your instance.
- Obtain your API Key: Start by getting the API Key from the SonarQube platform - follow these instructions
- Install CloudQuery CLI: Download and install the CloudQuery CLI on your machine by following steps on our download page.
- Set up the Sync Configuration: Create a CloudQuery configuration file by running the following init command. You can use any supported destination, for this example, we will use PostgreSQL:
cloudquery init --source sonarqube --destination postgresql - Update the Configuration File: Open the generated
sonarqube_to_postgres.yamlfile in your editor. Replace the placeholders:${SONARQUBE_BASE_URL}with the base URL to your instance (a local instance would behttp://localhost:9000)${SONARQUBE_USER_TOKEN}with the token generated in step 1. Also set theauth_modetotoken. Or alternatively, use${SONARQUBE_USER}and${SONARQUBE_PASSWORD}, and use your credentials, or a dedicated SonarQube user.${POSTGRESQL_CONNECTION_STRING}with connection string to your PostgreSQL database.
- Sync with CloudQuery:
- Log in using
cloudquery login- Run the following command:
cloudquery sync sonarqube_to_postgres.yamlFor more details, refer to the SonarQube Source Plugin documentation.
Querying Synced Data #
Let’s explore how to use SQL to query the synced data.
Note that these examples assume the data was synced using the SonarQube to PostgreSQL configuration.
Get Issue count per severity for all your projects #
SELECT
project,
impact->>'severity' AS severity,
COUNT(*) AS issue_count
FROM
sonarqube_issues,
JSONB_ARRAY_ELEMENTS(impacts) AS impact
WHERE
issue_status = 'OPEN'
GROUP BY
project,
severity
ORDER BY
project,
severity;Get user info for all users in a specific SonarQube group #
SELECT
u.*
FROM
sonarqube_users u
JOIN
sonarqube_group_memberships gm ON u.id = gm.user_id
JOIN
sonarqube_groups g ON gm.group_id = g.id
WHERE
g.name = 'sonar-users';Get all issues for a project that require more than 20min of effort #
You could possibly use some automation to automatically create Jira tickets for all of these issues (probably it would be a good idea to only do it for high severity issues)
SELECT
i.key,
i.project,
i.message,
i.effort,
i.impacts
FROM
sonarqube_issues i,
JSONB_ARRAY_ELEMENTS(i.impacts) AS impact
WHERE
i.issue_status = 'OPEN'
AND impact->>'severity' = 'HIGH'
AND (
(i.effort LIKE '%h%')
OR
(i.effort LIKE '%d%')
OR
(i.effort LIKE '%min%' AND
CAST(SUBSTRING(i.effort, 1, POSITION('min' IN i.effort) - 1) AS INTEGER) >= 20))
ORDER BY
i.projectWith the SonarQube Source Plugin, you can work with you data, fine tune and create new querying to solve your problems or bring your ideas to life. Once you sync the data- you’ll have all of it within your destination of choice, whether it’s Postgres, MySQL, BigQuery, or any other supported destination.
Get Started Today #
You try CloudQuery locally with our quick start guide, or explore CloudQuery Cloud for a more scalable solution.
The SonarQube Source Plugin is available now.
Got feedback or suggestions?: Join the CloudQuery Community to connect with other users and experts
Written by Bartosz Leśniewski
Bartosz is a Senior Software Engineer at CloudQuery specializing in Golang code development with over five years of experience in various roles.
