Setting up project integration with Azure Pipelines
This page explains project-level settings required if you use Azure Pipelines for your project analysis.
Adding SonarQube service connection to Azure Pipelines (SonarQube endpoint)
Service connections are authenticated connections between Azure Pipelines and external or remote services. You must declare SonarQube Cloud as a service connection in your Azure DevOps project.
Proceed as follows:
- In SonarQube Cloud, create an authentication token that Azure DevOps will use to execute the analysis of your project in SonarQube Server, and copy it. For more information, see Managing your tokens.
- In your Azure DevOps project, go to Project Settings > Service connections.
- Select New service connection and then select SonarQube Cloud from the service connection list.
- Enter the SonarQube Cloud URL, the token created in the first step, and a memorable Service connection name (you will need this name when configuring your Azure build pipelines). Then, select Save to save your connection.
Enabling the pull request analysis in your build pipeline
The Azure DevOps extension running in your Azure pipeline can automatically detect branches or pull requests being built (you don't need to pass them as parameters to the scanner).
The procedures below explain how to configure a pull request trigger in your Azure build pipeline depending on your DevOps platform. You can also block the pull request merge if the quality gate fails.
Azure DevOps
To enable pull request analysis in your Azure pipeline for code stored on Azure DevOps:
- Configure a pull request trigger on the target branch (main development branch). To do so, add a build validation policy on the branch (you cannot define a pull request trigger in your pipeline):
  - In the Branch policies page of your target branch, add a build validation policy that runs your build pipeline.
- Create an Azure DevOps Personal Access Token having a Code (read and write) scope.
- In SonarQube Cloud, set this token by navigating to Your Project > Administration > General Settings > Pull Requests > Integration with Azure DevOps Services.
- To prevent the merge of pull requests when the quality gate fails, proceed as follows (you can also watch this video for a quick overview of the procedure):
  - After the first analysis on a pull request, go to the Branch policies page of your target branch.
  - Under Require approval from additional services, select Add status policy.
  - In the Status to check dropdown, select SonarQube Cloud/quality gate (you will not see the SonarQube Cloud quality gate until the analysis build has been run once).
  - Then choose the option depending on your need:
    - Optional: Users will be able to merge a pull request even if the quality gate fails.
    - Required: Users will not be able to merge a pull request unless the quality gate passes.
  - Select Save.
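As an added example (not part of the SonarQube documentation), the following Python script audits a branch's policy configurations for the setup described above: an enabled build validation policy plus a Required quality gate status policy. The JSON field names (isEnabled, isBlocking, isDeleted, settings.scope, statusGenre, statusName, buildDefinitionId) are assumed from the Azure DevOps policy configurations REST response, the split of "SonarQube Cloud/quality gate" into genre and name is an assumption, and the sample data is constructed.

```python
import json

# Constructed sample shaped like an Azure DevOps policy-configurations
# response (field names are an assumption to check against your organization).
SAMPLE = json.loads("""
{"value": [
  {"isEnabled": true, "isBlocking": true, "isDeleted": false,
   "settings": {"buildDefinitionId": 42,
                "scope": [{"refName": "refs/heads/main", "matchKind": "Exact"}]}},
  {"isEnabled": true, "isBlocking": false, "isDeleted": false,
   "settings": {"statusGenre": "SonarQube Cloud", "statusName": "quality gate",
                "scope": [{"refName": "refs/heads/main", "matchKind": "Exact"}]}}
]}
""")


def applies_to(policy, ref):
    """True when one of the policy's scopes covers the branch ref."""
    for scope in policy.get("settings", {}).get("scope", []):
        name, kind = scope.get("refName"), scope.get("matchKind", "Exact")
        if name and (name == ref or (kind == "Prefix" and ref.startswith(name))):
            return True
    return False


def audit_branch(policies, ref, genre="SonarQube Cloud", status="quality gate"):
    """Return findings for a branch that should block merges on a failed quality gate."""
    live = [p for p in policies
            if not p.get("isDeleted") and p.get("isEnabled") and applies_to(p, ref)]
    findings = []
    if not any("buildDefinitionId" in p["settings"] for p in live):
        findings.append("no enabled build validation policy: PR analysis is never triggered")
    gates = [p for p in live
             if p["settings"].get("statusGenre") == genre
             and p["settings"].get("statusName") == status]
    if not gates:
        findings.append("no enabled quality gate status policy on this branch")
    elif not any(p.get("isBlocking") for p in gates):
        findings.append("quality gate status policy is Optional: a failing gate can still be merged")
    return findings


if __name__ == "__main__":
    for finding in audit_branch(SAMPLE["value"], "refs/heads/main"):
        print("FINDING:", finding)
```

The constructed sample has the status policy set to Optional, so the script reports that a failing quality gate can still be merged.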
GitHub or Bitbucket Cloud
To configure a pull request trigger in your Azure build pipeline for code stored on GitHub or Bitbucket Cloud:
- Select Edit to modify your build pipeline.
- Go to the Triggers tab.
- Select the correct repository under Pull request validation.
- Select Enable pull request validation.
- Set up the branch filters. Note that a branch filter refers to the target branch of the pull request. See the Microsoft documentation for more details.
- Select Save to update your pipeline.