Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

SonarQube Cloud configuration

SonarQube Server configuration

...

CONFIGURATION FOR SONARQUBE CLOUD 

The plugin configuration is quite simple. You can setup your SonarQube settings in your JIRA project settings section:

Image Removed

...

Info

This page shows you how to configure the integration for SonarQube Connector for Jira Server / Data Center version. Are you looking for SonarCloud configuration? See Configuration for SonarQube Connector for Jira Cloud

Global Settings Configuration

You can configure a global server to share the configuration on all Jira projects. This is very useful if your Sonar instance is the same for all your Jira projects.

...

There are different options:

  • SonarQube Server URL: this is server base URL for your SonarQube

    Cloud

    installation

  • Note : the base URL for SonarQube Cloud is https://sonarcloud.io

Image Removed

...

  • Token: this field is optional. If your SonarQube

    cloud

    instance is not public, then you will need to setup this field with the security token from a SonarQube user

  • The token type must be USER token type. You can find more information about SonarQube tokens here: https://docs.sonarqube.org/display/SONAR/User+Token

  • Resource ID

    SonarCloud Organization: this

    is the key of the SonarQube resource where you are going to retrieve the quality metrics. You can get this key from your SonarQube project dashboard or your sonar-project analysis parameters. 
    • Note: since version 1.4 you can setup more than one resource/project key by providing a comma separated list of resource keys. Measures will be aggregated into a unique view of all the projects together. See section linking multiple projects to Jira.
  • Issue type: This is the default issue type to create new SonarQube issues
  • Custom metrics:  List of custom metric keys to display in the dashboard, you can specify 1 or a list of metric keys separated by commas. For example: blocker_violations, major_violations, classes. Check with your SonarQube administrator to find out the keys to the available metrics
Note

If your SonarQube instance is using HTTPS then you may need to import your SSL certificate into your JIRA installation using keytool or any other similar tools.

Check this documentation if you don't know how to import your certificate into JIRA: https://confluence.atlassian.com/jira/connecting-to-ssl-services-117455.html

GLOBAL CONFIGURATION FOR SONARQUBE CLOUD 

Image Removed

You can configure a global server to use from Jira projects.

There are two options:

  • SonarQube Server URL: this is server base URL for your SonarQube installation

Image Removed

  • Token: this field is optional. If your SonarQube instance is not public, then you will need to setup this field with the security token from a SonarQube user. You can find more information about SonarQube tokens here: https://docs.sonarqube.org/display/SONAR/User+Token
  • parameter is needed if you have configured SonarCloud as SonarQube Server URL.

  • Open AI Settings (Experimental) : Configuring this field will automatically add comments to Jira issues created by the application (3 comments max). These comments are suggestions for resolve the problem in code using the OpenAI API. If you dont have a token, you can generate it from here. Additionally, please note that the feature to use OpenAI's suggestions via the plugin is optional and it is disabled by default. Furthermore, you need to have your own OpenAI API key managed entirely by yourself.

...

  • Show history charts : you can enable/disable this option if you want to show history measure charts.

  • History date : you can select a date from which you want to obtain de history measures.

  • Group project cards : the number of of individual project cards displayed in the plugin panel.

  • Last analysis date warning : this option will show a warningn for projects with last analysis date befor this configured date in days (90 days by default).

  • Main Panel Screen : you can select which screen do you want to be main screen (Overview, CWE Top 25, OWASP Top 10, OWASP ASVS or ISO 5055).

image-20240723-074756.pngImage Added

  • Filter settings : Select which sonarqube issuetypes are displayed in sonarqube issuesbreakdown.

  • Enable Plugin for projects types : If you only want to see the SonarQube Connector for Jira in some type of project, such as Jira Software project types, it is possible from the Global settings.

Info

IMPORTANT

Enable Plugin for projects types is only available in DataCenter version

Project Level Configuration

The plugin configuration is quite simple. You can setup your SonarQube settings in your JIRA project settings section:Image Removed

...

There are five different options:

  • SonarQube Server URL: this is server base URL for your SonarQube installation

  • Token: this field is optional. If your SonarQube instance is not public, then you will need to setup this field with the security token from a SonarQube user. 

  • The token type must be USER token type. You can find more information about SonarQube tokens here: https://docs.sonarqube.org/display/SONAR/User+Token

  • SonarCloud Organization: this parameter is needed if you have configured SonarCloud as SonarQube Server URL.

  • Open AI Settings (Experimental) : Configuring this field will automatically add comments to Jira issues created by the application (3 comments max). These comments are suggestions for resolve the problem in code using the OpenAI API. If you dont have a token, you can generate it from here. Additionally, please note that the feature to use OpenAI's suggestions via the plugin is optional and it is disabled by default. Furthermore, you need to have your own OpenAI API key managed entirely by yourself.

...

  • Show history charts : you can enable/disable this option if you want to show history measure charts.

  • History date : you can select a date from which you want to obtain de history measures.

  • Group project cards : the number of of individual project cards displayed in the plugin panel.

  • Last analysis date warning : this option will show a warningn for projects with last analysis date befor this configured date in days (90 days by default).

  • Main Panel Screen : you can select which screen do you want to be main screen (Overview, CWE Top 25, OWASP Top 10, OWASP ASVS or ISO 5055).

image-20240723-075700.pngImage Added

  • Filter settings : Select which sonarqube issuetypes are displayed in sonarqube issuesbreakdown.

image-20240723-075757.pngImage Added

  • Resource ID: this is the key of the SonarQube resource where you are going to retrieve the quality metrics. You can get this key from your SonarQube project dashboard or your sonar-project analysis parameters (sonarqube project key)

    • Note:

...

    • you can setup more than one resource/project key by providing a comma separated list of resource keys

...

    • .

  • Tags :This is an optional field. You can get the projects through the tags associated with them in SonarQube/SonarCloud. These tags can be obtained from your project page in SonarQube/SonarCloud or from the analysis properties. You can configure more than one tag by specifying a comma separated list of tags. The results will be aggregated

...

  • in a

...

  • single view

...

  • with all the

...

  • resources together.

...

  • Require all tags : enable this option if you want to retrieve the information from all projects that have exactly all configured tags.

  • Custom metrics:  List of custom metric keys to display in the dashboard, you can specify 1 or a list of metric keys separated by commas. For example: blocker_violations, major_violations, classes. Check with your SonarQube administrator to find out the keys to the available metrics

...

Note

If your SonarQube instance is using HTTPS then you may need to import your SSL certificate into your JIRA installation using keytool or any other similar tools.

Check this documentation if you don't know how to import your certificate into JIRA: https://confluence.atlassian.com/jira/connecting-to-ssl-services-117455.html

GLOBAL CONFIGURATION SONARQUBE SERVER 

Image Removed

You can configure a global server to use from Jira projects.

There are two options:

  • SonarQube Server URL: this is server base URL for your SonarQube installation
  • Token: this field is optional. If your SonarQube instance is not public, then you will need to setup this field with the security token from a SonarQube user. You can find more information about SonarQube tokens here: https://docs.sonarqube.org/display/SONAR/User+Token

    .

image-20240723-080225.pngImage Added

Create Jira Issue Settings:

  • Issue type For Bugs:  this is the default issue type to create new Jira issues based on SonarQube Bugs.

  • Issue type For Vulnerabilities:  this is the default issue type to create new Jira issues based on SonarQube Vulnerabilities.

  • Issue type For Code Smells: this is the default issue type to create new Jira issues based on SonarQube Code Smells.

  • Issue type For Hotspots: this is the default issue type to create new Jira issues based on SonarQube Security Hotspots.