Getting started with Azure DevOps
If your code is on Azure DevOps, you can benefit from SonarQube Cloud's integration with Azure DevOps.
Key features of Azure DevOps integration
SonarQube Cloud's integration with Azure DevOps allows you to maintain code quality and security in your Azure DevOps repositories. It is compatible with both Azure DevOps Server and Azure DevOps Services.
With this integration, you'll be able to:
- Sign in to SonarQube Cloud with your Azure DevOps credentials.
- Import your Azure DevOps repositories into SonarQube Cloud to easily set up SonarQube Cloud projects.
- Integrate smoothly SonarQube Cloud analysis into your Azure build pipeline with the Azure DevOps extension for SonarQube. This includes multi-branch analysis features.
- Report the analysis' quality gate status right in Azure Pipeline's Build Summary page.
- Prevent pull request merges when the quality gate fails.
- View issues detected on a pull request in Azure DevOps.
Each issue will be a comment on the Azure DevOps pull request. If you change the status of an issue in SonarQube Cloud, that status change is immediately reflected in the Azure DevOps interface.
Sign up to SonarQube Cloud
Go to the SonarQube Cloud product page and choose Set up or Login, then select Azure DevOps from the list of DevOps cloud platforms.
You will be taken to the Microsoft login page. Sign in using your Microsoft credentials.
Setting up a new SonarQube Cloud account with your Azure DevOps service requires that you be logged into both instances because there is some back-and-forth involved between the two platforms.
With an existing Azure DevOps service, you will start by opening a new SonarQube Cloud account, creating a SonarQube Cloud Organization, and connecting it to Azure with an Azure Personal Access Token. With your PAT in place, importing your repositories and configuring the analysis are the next steps to get things going.
Once you have successfully logged in, you will see the SonarQube Cloud welcome screen. See below for full, step-by-step instructions.
Set up your organization
In this step, you will create a SonarQube Cloud organization by importing your Azure DevOps organization. SonarQube Cloud is set up to mirror the way that code is organized in Azure DevOps (and other repository providers):
- Each SonarQube Cloud project corresponds one-to-one with an Azure DevOps project, which resides in its own Git repository.
- Azure DevOps projects are grouped into Azure DevOps organizations.
- Each SonarQube Cloud organization corresponds one-to-one with an Azure DevOps organization.
You will be presented with a screen like this:
Check the organization name and key
SonarQube Cloud will suggest a key for your SonarQube Cloud organization. This is a name unique across all organizations within SonarQube Cloud. You can accept the suggestion or change it manually. The interface will prevent you from changing it to an already existing key.
Create and enter the Azure PAT
- Create the Personal Access Token (PAT) on the Azure DevOps organization as described in Step 1 of Importing an Azure DevOps organization.
- Copy-paste the PAT to Personal Access Token.
Choose a plan
Next, you will be asked to choose a SonarQube Cloud subscription plan. If all the repositories to be analyzed are public on your DevOps platform, you can select the Free plan. When using the Free plan, your code and analysis results will be publicly accessible at sonarcloud.io/explore/projects.
If you want to analyze more than 50k lines of private code, then you need to select the Team or Enterprise plan. Monthly plans offer a 14-day free trial period. Once the 14 days have elapsed, the cost is based on the number of lines of code analyzed. For more information, see Managing your subscription.
A plan is always associated one-to-one with a SonarQube Cloud organization and therefore with a single Azure DevOps organization. If you want to onboard multiple Azure workspaces, you must sign up for a separate plan for each.
Once you have chosen a plan and clicked Create Organization, your SonarQube Cloud organization will be created!
Set up your analysis
Import repositories
The next step is to import the projects (that is, individual git repositories) that you want to analyze (from your Azure DevOps organization) into your newly created SonarQube Cloud organization. A corresponding SonarQube Cloud project will be created for each git repository.
SonarQube Cloud will present a list of the repositories in your Azure DevOps organization. Choose those that you want to import and analyze, then select Set Up to continue.
The selected projects will be imported.
Choose your new code definition
The next step is to set the new code definition (NCD) for your project(s). The NCD is a mandatory step and it defines which part of your code is considered new code. This helps you to focus your attention on the most recent changes to your code and allows you to follow the Clean as You Code methodology.
Note that the new code definition you apply at this stage will apply to all of the projects you have selected for analysis. You can change your new code definition later on a per-project basis.
To do this, go to Your Organization > Your Project > Administration > New Code.
For more information, check out the About new code page.
Configure analysis
With Azure DevOps projects the actual analysis is performed in your build environment (cloud CI, local machine, etc.). This means that you must configure your build process to perform the analysis on each build and communicate the results to SonarQube Cloud.
We refer to this analysis method as CI-based analysis (though it may take place in a cloud CI or a manually configured build environment) to contrast it with automatic analysis which works by SonarQube Cloud directly accessing your repository and performing the analysis itself.
However, automatic analysis is currently available only for GitHub projects and only for a subset of languages. It is currently not available for Azure DevOps projects.
SonarQube Cloud will guide you through a tutorial on how to set up your build environment to perform analysis.
The first step is to select your build environment. SonarQube Cloud will present this page:
If you have no particular preference and are setting up a new project on Azure DevOps, we recommend using Azure DevOps Pipelines as your CI.
SonarQube Cloud’s in-product tutorial assumes that the user has experience setting up pipelines in Azure DevOps and will walk you through most of the process. You can check our documentation if more information is needed to set up your YAML file.
For step-by-step examples to integrate Azure DevOps with SonarQube Cloud, please see the Azure DevOps Labs tutorial, written in part by SonarSource authors and recently updated (in late 2023).
See your analysis results
Your next steps are to check the results of your first analysis and set your new code definition, an important part of implementing a Clean as You Code strategy.
If you log into SonarQube Cloud using an email address that you previously used to log into another DevOps platform, you need to be aware that SonarQube Cloud will automatically associate your email address with the new DevOps platform.
For example, if you log in through Azure DevOps and previously used GitHub, GitHub issues will no longer be assigned to your email address and you will stop receiving GitHub email notifications (via your SonarQube Cloud organization). If you then decide to switch back to GitHub, the Azure DevOps email notifications will be discontinued.
Was this page helpful?
© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
