Jira Cloud integration

See Jira Cloud integration on a project level for more information about connecting your SonarQube projects with Jira Cloud projects.

Permissions and access

To set up your Jira Cloud integration for your SonarQube Server instance, you will need the Administer System permission. To set this permission, go to Administration > Security > Global permissions and select the Administer System checkbox for specific users or groups.

To set up a new OAuth (3LO) integration app in Atlassian, you will need to be the administrator for your Jira Cloud organization. See Pre-binding steps in Atlassian for more information.

To connect SonarQube Server to Jira Cloud, your instance of SonarQube Server needs to be able to see the appropriate Atlassian domains. This means these domains might need to be added to a firewall allow list or similar.

Pre-binding steps in Atlassian

Before you can bind your SonarQube Server instance with Jira Cloud you need to create and set up a new OAuth (3LO) integration app in the Atlassian developer console. These steps should be performed by your Jira Cloud organization’s administrator.

1

Log into Atlassian developer console

1. Go to developer.atlassian.com and sign into your account. If you don’t have an account, create one.

1. Click on your account in the upper right corner of the page and select Developer console.

2

Create an OAuth 2.0 (3LO) integration app

1. On the My apps page, click Create and select OAuth 2.0 integration from the drop-down menu.

1. On the next screen, enter the Name of the app.

2. Read and agree to the Atlassian’s developer terms.

3. Click Create. The Overview page opens with details of the app.

3

Configure the permissions

1. Select Permissions from the left-side navigation.

2. Navigate to Jira API on the list and click Add under the Action column. The button’s label changes to Configure.

3. Click Configure. The Classic scopes tab opens.

1. Click Edit Scopes in the Classic scopes tab of the Jira platform REST API section.

1. Select the following scopes in the modal:

   • View Jira issue date

   • Manage Jira global settings

   • View user profiles

   • Create and manage issues

   • Manage Jira webhooks

2. Click Save.

4

Configure the authorization

1. Select Authorization from the left-side navigation.

2. Navigate to your authorization entry and click on Add.

1. On the authorization page enter the Callback URL. To construct the URL check the Server based URL of your instance:

   1. Go to Administration > Configuration > General Settings

   2. Scroll down to the General section and check what the Server based URL is. If the Server based URL field is empty because it hasn’t been customized, copy the server’s URL from the browser.

   3. Add /callback to the end of the URL to construct the callback URL. For example, if the server based URL is https://sonarqube.mycompany.com then the callback URL should be https://sonarqube.mycompany.com/callback .

2. Click Save changes.

5

Change the distribution status

1. Select Distribution from the left-side navigation.

2. Click Edit to change the distribution status of the app.

1. Change the distribution status to Sharing.

2. In the Vendor & security details section enter the following information:

   • Name: SonarSource

   • Privacy policy: https://www.sonarsource.com/company/privacy/

   • Personal data declaration > Does your app store personal data? Select No.

3. Click Save change.

6

Retrieve the authentication details

1. Select Settings from the left-side navigation.

2. Scroll down to Authentication details and copy the Client ID and Secret. You will use this information in SonarQube Server to bind your instance with Jira Cloud in the next step.

Binding steps in SonarQube Server

To bind your SonarQube Server instance with Jira Cloud go to Administration > Configuration > General Settings > Integrations > Jira.

1. Enter the Client ID and Secret you copied from the Atlassian app’s Authentication details. See the Pre-binding steps in Atlassian on how to retrieve your Client ID and Secret.

2. Click Connect.

3. Grant project administrators binding permissions enables project administrators to bind their projects to any Jira project that the Sonar organization admin token can access. This means that project administrators in SonarQube might see Jira projects and create Jira work items in projects for which they lack permissions in Jira Cloud.

1. You will be redirected to the Atlassian authorization page for 3rd party vendors. Follow the instructions and if you have multiple Jira Cloud instances, make sure to select the right instance.

2. Click Accept to authorize the connection.

3. Once you are redirected back to SonarQube Server you will see a Connected badge displayed next to Jira along with information about when the connection was established, and with options to reauthorize and delete the connection.

After the connection is established you can bind your SonarQube Server projects with Jira projects. See Jira Cloud integration on the project level for more information.

Reauthorizing the connection to Jira Cloud

Reauthorizing your SonarQube Server instance is non-destructive, which means that connections to all projects and issues will remain intact.

In the unlikely event that your SonarQube Server instance doesn’t use any features of the Jira integration for three months (for example, if there are no projects connected to Jira Cloud), the connection to Jira Cloud will expire and will need to be re-authenticated by the system administrator.

Deleting the connection with Jira Cloud

Deleting your instance’s connection with Jira removes all bindings between SonarQube and Jira Cloud, as well as related data in the SonarQube Server. To completely remove the connection, you must revoke relevant token permissions in the Atlassian account.

By deleting the SonarQube to Jira Cloud connection, you will:

• Lose access to all Jira features in this SonarQube Server instance.

• Delete this instance’s project to Jira Cloud project connections.

• Disconnect all SonarQube issues from Jira work items.

Binding your project with Jira Cloud

See Jira Cloud integration on a project level for more details.

Troubleshooting

The following are the typical errors that might prompt you to troubleshoot the connection with Jira Cloud:

• The administrator who set up the connection has left the company and the Atlassian token has been removed. Solution: The new administrator has to reauthorize the Jira Cloud connection. See Reauthorizing the connection with Jira Cloud for more information.

• The connection has been reauthorized with a wrong Jira Cloud instance. Solution: Make sure to select the correct Jira cloud instance on the Atlassian authorization page when reauthorizing the connection. SonarQube Server remembers previous issue-to-Jira work item connections on the project levels, but the SonarQube instance has to be reauthorized to the original Jira Cloud instance for these connections to be available again. See Reauthorizing the connection to Jira Cloud for more information.

• The Connect button is grayed out on the project settings page for Jira, preventing you from binding your Sonar project with a Jira project, or the Edit and Delete buttons are grayed out on an existing SonarQube-to-Jira connection. Solution: Make sure the System Administrator turns on the toggle for Grant project administrators binding permissions on the Jira administration page for the SonarQube Server instance. See Binding steps in SonarQube Server for more information.

• The Push to Jira button is not visible on the SonarQube issue page. Solution: After connecting your SonarQube instance to a Jira Cloud instance you need to bind individual SonarQube projects to Jira projects. See Jira Cloud integration on a project level for more information.

Related pages

• Jira Cloud integration on a project level

• Managing Jira work items