SonarQube

Note: First time using SonarQube? Please refer to the following documentation

Introduction

Consolidate vulnerabilities: from a single console you can consolidate and analyze the vulnerabilities identified by the scan and develop action plans for treating them.

The integration imports the issues (vulnerabilities) found in SonarQube into Conviso Platform, allowing the user to take advantage of Conviso Platform's full potential for vulnerability management.

Requirements

  • SonarQube Username;

  • SonarQube Password;

  • SonarQube URL;

  • Project Key (optional).

Configuring SonarQube

Log in to SonarQube and write down the SonarQube URL, Username and Password.

From the top menu bar, select Projects and create a New Project. Give the Project Key a unique name (write this key down; you will need it later), set the Display Name as you wish and then click on the Set Up button.

Label your new token as you wish and then click on the Generate button to create it.

Choose your Language and OS type, then click on the Copy button at the text box labeled Execute the Scanner from your computer.

Conviso Platform Setup

Log in to the Conviso Platform.

On the main menu to the left, click on Integrations. At the panel to the right, click on the Scanners option, then click on the Integrate button on the SonarQube card.

Fill in the form with the data retrieved from SonarQube. Note that if you do not fill in the Project Key, all of your SonarQube Projects will be imported to Conviso Platform. When done, click on the Save button to store your integration configuration settings.
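
To preview what a blank Project Key would pull in compared with a single project, the following added example (not Conviso's or SonarQube's own code) builds a SonarQube `api/issues/search` query with and without a project filter and counts the returned issues per project. It assumes the import covers issues of type VULNERABILITY; the host name, project keys and sample response are constructed.

```python
import base64
import json
import urllib.request
from collections import Counter
from urllib.parse import urlencode


def build_search_url(base_url, project_key=None, page=1, page_size=500):
    """Build an api/issues/search URL restricted to vulnerabilities."""
    params = {"types": "VULNERABILITY", "p": page, "ps": page_size}
    if project_key:
        # With no key there is no component filter, so the query spans
        # every project the account can browse.
        params["componentKeys"] = project_key
    return f"{base_url.rstrip('/')}/api/issues/search?{urlencode(params)}"


def fetch_page(url, username, password):
    """Fetch one result page with HTTP Basic auth (needs a reachable server)."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def import_scope(response):
    """Summarise which projects, and how many issues, one page covers."""
    per_project = Counter(issue["project"] for issue in response["issues"])
    return {"total": response["paging"]["total"], "projects": dict(per_project)}


# Constructed sample response (not real scan output), trimmed to the fields used.
SAMPLE = {
    "paging": {"pageIndex": 1, "pageSize": 500, "total": 3},
    "issues": [
        {"key": "ISSUE-1", "project": "shop-api", "severity": "CRITICAL", "type": "VULNERABILITY"},
        {"key": "ISSUE-2", "project": "shop-api", "severity": "MAJOR", "type": "VULNERABILITY"},
        {"key": "ISSUE-3", "project": "billing-web", "severity": "MINOR", "type": "VULNERABILITY"},
    ],
}

if __name__ == "__main__":
    print(build_search_url("https://sonar.example.internal", "shop-api"))
    print(build_search_url("https://sonar.example.internal"))
    print(import_scope(SAMPLE))
```

Against a live server, pass the URL from `build_search_url` to `fetch_page` with the same Username and Password entered in the form, then feed the result to `import_scope`.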

Connecting Conviso Platform Assets to SonarQube

On the main menu to the left, click on Assets Management. Then, on the asset you want to integrate with SonarQube, select the Edit icon to its right.

Click on the Advanced Options button to expand the asset's properties.

In the Integrations section of the asset's properties, type SONAR to narrow your search and then select the SonarQube integration you just created in the preceding section.

After selecting the SonarQube Integration for your asset, scroll down to the end of the form and click on the Save button to store your new configuration settings for the asset.

Importing SonarQube Issues

In Assets Management, click on the asset into which you want to import issues from SonarQube.

On the asset panel, click on the Actions button, then select Import SonarQube Issues.

The imported issues will be found on the Findings Menu.