Setting up integration at global level

Setting up integration of Azure DevOps with SonarQube Server at the global level.

For the integration of an Azure DevOps Services organization or an Azure DevOps Server collection with SonarQube Server, you must:

  • Create a configuration record in SonarQube Server. This record stores the Personal Access Token (PAT) of the technical account used by SonarQube Server to connect to Azure DevOps. This is necessary for importing Azure DevOps repositories and reporting the quality gate status.

  • Install an Azure DevOps Extension for SonarQube Server on the CI/CD host to integrate with Azure Pipelines.

Installing Azure DevOps Extension for SonarQube Server on the CI/CD host

Prerequisites

See Azure DevOps Extension #Installation requirements for Azure DevOps extension.

The SonarQube Server base URL must be properly set, otherwise, integration features will not work correctly. See Server base URL.

Preparing the integration

SonarQube Server uses an Azure DevOps user account to import Azure DevOps repositories to SonarQube Server and report the quality gate status to Azure DevOps. You must provide a Personal Access Token (PAT) from this account.

Creating a technical user account

We highly recommend that you use a dedicated technical user account in Azure DevOps to manage the integration with SonarQube.

  • Do not set the technical user’s account with a Stakeholder access type. Use the Basic access type instead. (Users with the Stakeholder access type can have problems finding their repos when trying to Analyze projects.)

  • We recommend that you add the account to the Contributors security group.

See the Azure documentation for more information about access levels.

Generating your Azure PAT

1. Log in to Azure DevOps with the technical user account created before.

2. Go to your Azure DevOps organization User settings > Personal access tokens and select + New token.

Personal access tokens page

3. On the next page, under Scopes, make sure that you specify at least the scope Code > Read & write.

Create a new personal access token modal

4. Click Create to generate the token.

5. When the personal access token is displayed, copy it (you will have to paste it to SonarQube’s configuration record as described below).

6. If necessary, encrypt this token: see Sensitive settings.

Creating the global configuration record in SonarQube Server

You need the global System Administration permission to perform this procedure.

In SonarQube Server, a global configuration record stores the parameters necessary to connect to your Azure DevOps Server collection or Azure DevOps Services organization*.*

Starting in Enterprise edition, you can set up the integration of SonarQube Server with multiple Azure DevOps platform instances. To do so, you create in SonarQube Server a configuration record for each instance.

To create the Azure DevOps configuration record in SonarQube:

  1. Go to Administration > Configuration > General Settings > DevOps Platform Integrations.

  2. Select the Azure DevOps tab.

  3. Select the Create configuration button. The Create a configuration dialog opens.

  4. Specify the settings as described below.

Field

Description

Configuration Name

Enterprise and Data Center edition only. The name used to identify your Azure DevOps configuration at the project level. Use something succinct and easily recognizable.

Azure DevOps URL

• If you are using Azure DevOps Server: the full Azure DevOps collection URL. For example, https://ado.your-company.com/DefaultCollection.

• If you are using Azure DevOps Services: the full Azure DevOps organization URL. For example, https://dev.azure.com/your_organization.

Personal Access Token

Personal access token generated in Generating your Azure PAT above (or its encrypted value).

Installing the Azure DevOps Extension for SonarQube

See Azure DevOps Extension.

Last updated

Was this helpful?