# Setting up Azure DevOps integration at global level

For the integration of an Azure DevOps Services organization or an Azure DevOps Server collection with SonarQube Community Build, you must:

* Create a configuration record in SonarQube Community Build. This record stores the Personal Access Token (PAT) of the technical account used by SonarQube Community Build to connect to Azure DevOps. This is necessary for importing Azure DevOps repositories and reporting the quality gate status.
* Install an Azure DevOps Extension for SonarQube Community Build on the CI/CD host to integrate with Azure Pipelines.

<figure><img src="/spaces/KXW79zfYFiA8incTvwZK/files/gS9pIPcWVW7sC5SlnlbR" alt="Installing Azure DevOps Extension for SonarQube Server on the CI/CD host"><figcaption></figcaption></figure>

## Prerequisites <a href="#prerequisites" id="prerequisites"></a>

See [Azure DevOps Extension](/sonarqube-community-build/analyzing-source-code/scanners/sonarqube-extension-for-azure-devops.md) for more information.

The SonarQube Community Build base URL must be properly set, otherwise, integration features will not work correctly. See [Server base URL](/sonarqube-community-build/instance-administration/server-base-url.md) for more information.

## Preparing the integration <a href="#preparing" id="preparing"></a>

SonarQube Community Build uses an Azure DevOps user account to import Azure DevOps repositories to SonarQube Community Build and report the quality gate status to Azure DevOps. You must provide a [Personal Access Token](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=tfs-2017\&tabs=preview-page) (PAT) from this account.

{% hint style="warning" %}
Be aware of the following PAT failure points:

* Azure PATs require an expiration date. Check the [Microsoft documentation](https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops\&tabs=Windows#create-a-pat) for details when creating your PAT.
* Azure requires that a user log in every 30 days, or it automatically stops a PAT; this action may cause your related pipeline to fail. Here is [an Azure Q\&A](https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops\&tabs=Windows#q-why-did-my-pat-stop-working) on this topic.
  {% endhint %}

<details>

<summary>Creating a technical user account</summary>

We highly recommend that you use a dedicated technical user account in Azure DevOps to manage the integration with SonarQube.

* Do not set the technical user’s account with a **Stakeholder** access type. Use the **Basic** access type instead. (Users with the **Stakeholder** access type can have problems finding their repos when trying to Analyze projects.)
* We recommend that you add the account to the **Contributors** security group.

See the Azure documentation for more information [about access levels](https://learn.microsoft.com/en-us/azure/devops/organizations/security/access-levels?view=azure-devops).

</details>

<details>

<summary>Generating your Azure PAT</summary>

1\. Log in to Azure DevOps with the technical user account created before.

2\. Go to your Azure DevOps organization **User settings** > **Personal access tokens** and select **+ New token**.

<div align="left"><figure><img src="/files/9yxvuBFMM1vruMUMGBzV" alt="The Personal access tokens page found in Azure DevOps." width="563"><figcaption></figcaption></figure></div>

3\. On the next page, under **Scopes**, make sure that you specify at least the scope **Code** > **Read & write**.

<div align="left"><figure><img src="/files/czvaGAeZ7DsQD6q2x8bB" alt="The Create a new personal access token modal found in Azure DevOps." width="375"><figcaption></figcaption></figure></div>

4\. Click **Create** to generate the token.

5\. When the personal access token is displayed, copy it (you will have to paste it to SonarQube’s configuration record as described below).

6\. If necessary, encrypt this token, see [Sensitive settings](/sonarqube-community-build/instance-administration/security/encrypting-settings.md) for more details.

</details>

## Creating the global configuration record in SonarQube Community Build <a href="#creating-config-record" id="creating-config-record"></a>

You need the global System Administration permission to perform this procedure.

In SonarQube Community Build, a global configuration record stores the parameters necessary to connect to your Azure DevOps Server collection or Azure DevOps Services organization\*.\*

To create the Azure DevOps configuration record in SonarQube:

1. Go to **Administration** > **Configuration** > **General Settings** > **DevOps Platform Integrations**.
2. Select the **Azure DevOps** tab.
3. Select the **Create configuration** button. The **Create a configuration** dialog opens.
4. Specify the settings as described below.

| **Field**             | **Description**                                                                                                                                                                                                                                                                                     |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Azure DevOps URL      | <p>• If you are using Azure DevOps Server: the full Azure DevOps collection URL. For example, <https://ado.your-company.com/DefaultCollection>.</p><p>• If you are using Azure DevOps Services: the full Azure DevOps organization URL. For example, <https://dev.azure.com/your_organization>.</p> |
| Personal Access Token | Personal access token generated in **Generating your Azure PAT** above (or its encrypted value).                                                                                                                                                                                                    |

## Installing the Azure DevOps Extension for SonarQube <a href="#installing-extension" id="installing-extension"></a>

See the [Azure DevOps Extension](/sonarqube-community-build/analyzing-source-code/scanners/sonarqube-extension-for-azure-devops.md) page.

## Related pages <a href="#related-pages" id="related-pages"></a>

* [Azure Pipelines integration overview](/sonarqube-community-build/devops-platform-integration/azure-devops-integration/azure-pipelines-integration-overview.md)
* [Creating and configuring your Azure DevOps project](/sonarqube-community-build/devops-platform-integration/azure-devops-integration/creating-your-project.md)
* [Setting up project integration](/sonarqube-community-build/devops-platform-integration/azure-devops-integration/project-integation.md) at the project level
* [Introduction](/sonarqube-community-build/devops-platform-integration/azure-devops-integration/adding-analysis-to-pipeline/introduction.md) to adding analysis to your Azure build pipeline
* [Troubleshooting analysis](/sonarqube-community-build/devops-platform-integration/azure-devops-integration/troubleshooting-analysis.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-community-build/devops-platform-integration/azure-devops-integration/setting-up-integration-at-global-level.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.