Skip to main content

Sonarqube

SonarQube is a code quality and security analysis platform that helps development teams systematically improve code quality by detecting bugs, vulnerabilities, and code smells across multiple programming languages.

Sonarqube icon

Power end-to-end data operations for your Sonarqube API with Nexla. Our bi-directional Sonarqube connector is purpose-built for Sonarqube, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to Sonarqube or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your Sonarqube workflows fast, secure, and fully governed.

Features

Type: API

SourceDestination

  • Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
  • Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
  • API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
  • Request optimization with intelligent batching, retry, and caching to minimize API calls and costs

Prerequisites

Before creating a SonarQube credential, you need to obtain your API Key (User Token) from your SonarQube account. SonarQube uses API Key authentication for all API requests, with the API key sent in the Authorization header with the Bearer prefix.

To obtain your SonarQube API Key, follow these steps:

  1. Sign in to your SonarQube account using your administrator credentials.

  2. Navigate to your user account settings by clicking your profile icon in the top right corner and selecting My Account or Account.

  3. In your account settings, navigate to Security or Tokens section.

  4. Look for the User Tokens or API Tokens section in your account settings.

  5. If you don't have an API token yet, look for the option to generate or create your user token.

  6. Click Generate Token or Create Token to create a new user token.

  7. Configure your user token settings:

    • Enter a name for the token (e.g., "Nexla Integration")
    • Review and select the token type (User Token or Project Token)
  8. Click Generate to create the user token.

  9. Copy the user token immediately after it's generated, as it may not be accessible again after you navigate away from the page.

  10. Store the user token securely, as you will need it to configure your Nexla credential. The user token is sensitive information and should be kept confidential.

The API key (user token) is sent in the Authorization: Bearer {token} header for all API requests to the SonarQube API. The token authenticates your requests and grants access to SonarQube resources based on your account permissions. If your API key is compromised, you should immediately revoke it in your SonarQube account settings and generate a new one. For detailed information about obtaining user tokens, API authentication, and available endpoints, refer to the SonarQube Web API documentation.

Authenticate

Credentials required

FieldRequiredSecretDescription
API Key ValueYesYes

Create a credential in Nexla

  1. After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – SonarQube

SonarQubeCred.png
  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

  2. Enter your SonarQube API Key Value in the API Key Value field. This is the user token you obtained from your SonarQube account settings (My Account > Security > User Tokens). The API key is sent in the Authorization: Bearer {token} header for all API requests to the SonarQube API and must be kept confidential.

    Your SonarQube API key (user token) can be found in your SonarQube account settings under My Account > Security > User Tokens. The API key is sent in the Authorization: Bearer {token} header for all API requests to the SonarQube API.

    If your API key is compromised, you should immediately revoke it in your SonarQube account settings and generate a new one. The API key provides access to your SonarQube account data and should be treated as sensitive information. Keep your API key secure and do not share it publicly.

    For detailed information about obtaining user tokens, API authentication, and available endpoints, see the SonarQube Web API documentation.

  3. Click the Save button at the bottom of the overlay. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation.

Use as a data source

To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the SonarQube connector tile, then select the credential that will be used to connect to your SonarQube account, and click Next; or, create a new SonarQube credential for use in this flow.

Endpoint templates

Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common SonarQube endpoints. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below.

Components

This endpoint template retrieves components (applications, projects, etc.) from your SonarQube account. Use this template when you need to retrieve information about components, including component IDs, names, and other component metadata.

  • This endpoint automatically retrieves all components from your SonarQube account. The endpoint uses incrementing page-based pagination to handle large datasets efficiently, returning up to 100 records per page by default.

This endpoint returns components from your SonarQube account, including component IDs, names, and other component metadata. The endpoint uses incrementing page-based pagination with pageIndex and pageSize parameters to handle large datasets efficiently. Nexla will automatically fetch subsequent pages of data by incrementing the pageIndex parameter.

For detailed information about components, API response structures, pagination, and available component data, see the SonarQube Web API documentation.

Metrics

This endpoint template retrieves metrics from your SonarQube account. Use this template when you need to retrieve information about available metrics, including metric IDs, names, and other metric metadata.

  • This endpoint automatically retrieves all metrics from your SonarQube account. The endpoint uses incrementing page-based pagination to handle large datasets efficiently, returning up to 100 records per page by default.

This endpoint returns metrics from your SonarQube account, including metric IDs, names, and other metric metadata. The endpoint uses incrementing page-based pagination with pageIndex and pageSize parameters to handle large datasets efficiently. Nexla will automatically fetch subsequent pages of data by incrementing the pageIndex parameter.

For detailed information about metrics, API response structures, pagination, and available metric data, see the SonarQube Web API documentation.

Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.

Manual configuration

SonarQube data sources can also be manually configured to ingest data from any valid SonarQube API endpoint, including endpoints not covered by the pre-built templates, chained API calls, or custom request parameters. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, date/time and lookup macros, path to data, metadata, and request headers.

SonarQube API typically uses the GET method for retrieving data (e.g., https://sonarqube.com/api/components/search, https://sonarqube.com/api/metrics/search). Use a Response Data Path such as $.components[*] or $.metrics[*] to extract the relevant records, and configure incrementing page-based pagination using the pageIndex and pageSize parameters.

Once all of the relevant settings have been configured, click the Next button to proceed with the rest of the data flow configuration, or click Save to save the data source configuration for later use.

Use as a destination

Click the + icon on the Nexset that will be sent to the SonarQube destination, and select the Send to Destination option from the menu. Select the SonarQube connector from the list of available destination connectors, then select the credential that will be used to connect to your SonarQube account, and click Next; or, create a new SonarQube credential for use in this flow.

Endpoint templates

Nexla provides pre-built templates that can be used to rapidly configure destinations to send data to common SonarQube endpoints. Select the endpoint to which data will be sent from the Endpoint pulldown menu. Then, click on the template in the list below to expand it, and follow the instructions to configure additional endpoint settings.

Add notification

This endpoint template allows you to add notifications in your SonarQube account using records from a Nexset. Use this template when you need to create notifications for users or groups in your SonarQube account.

  • This endpoint sends data as JSON in the request body to add notifications in your SonarQube account. Each record from your Nexset will be sent as a separate API request to create a new notification. The request body should contain the notification data in the format required by the SonarQube API.

This endpoint sends data as JSON in the request body to add notifications in your SonarQube account. Each record from your Nexset will be sent as a separate API request to create a new notification. The request body should contain the notification data in the format required by the SonarQube API, including notification type, recipient, and other notification properties.

The notification structure must match the SonarQube API's expected format. For detailed information about notification creation, request body formats, and available notification properties, see the SonarQube Web API documentation.

Set Project Tag

This endpoint template allows you to set project tags in your SonarQube account using records from a Nexset. Use this template when you need to assign tags to projects in your SonarQube account.

  • This endpoint sends data as JSON in the request body to set project tags in your SonarQube account. Each record from your Nexset will be sent as a separate API request to set tags for a project. The request body should contain the tag data in the format required by the SonarQube API.

This endpoint sends data as JSON in the request body to set project tags in your SonarQube account. Each record from your Nexset will be sent as a separate API request to set tags for a project. The request body should contain the tag data in the format required by the SonarQube API.

The tag structure must match the SonarQube API's expected format. For detailed information about project tag management, request body formats, and available tag properties, see the SonarQube Web API documentation.

Manual configuration

SonarQube destinations can also be manually configured to send data to any valid SonarQube API endpoint. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, data format, endpoint URL, request headers, attribute exclusions, record batching, and response webhooks.

SonarQube API typically uses the POST method and expects JSON format (e.g., https://sonarqube.com/api/notifications/add, https://sonarqube.com/api/project_tags/set). The request body is typically {message.json} to send the entire Nexset record as JSON, with field names matching the SonarQube API's expected structure for the endpoint you're using.

Save & activate

Once all endpoint settings have been configured, click the Done button in the upper right corner of the screen to save and create the destination. To send the data to the configured SonarQube endpoint, open the destination resource menu, and select Activate.

The Nexset data will not be sent to the SonarQube endpoint until the destination is activated. Destinations can be activated immediately or at a later time, providing full control over data movement.