Creating and importing projects
There are several ways to create a project in SonarQube:
- Import from DevOps Platforms (Enterprise edition and above): If your project is bound to a DevOps platform and you want to benefit from the integration features out of the box (pull request decoration, code scanning alerts, permission synchronization, etc.), go to Create Project > Import from DevOps Platforms from the homepage.
If you already have a DevOps platform Integration configured, you'll be able to directly use it. For example, by clicking Create Project > From GitHub.
- Local project: For a project not linked to a DevOps platform, you can use Create > Local on the Projects page.
- Automate through the API: Both methods mentioned above can be automated using the Web API.
- First scan: If none of the above is relevant, you can create a project by scanning it for the first time.
All the above methods require the Create Projects permission, which can be configured in Administration > Security > Global Permissions.
When a project is created in SonarQube through a first scan, the default configuration applies: default quality profile for each language, default quality gate, default visibility, a permissions template is applied if applicable, etc.
While this is handy, this method is not always desirable as it doesn’t allow a proper configuration upfront. If you want to configure your project before you run a first analysis, use one of the following options:
- Import from DevOps Platforms: If your project is hosted on GitHub, GitLab, Azure DevOps, or BitBucket
- Local project: If your project is not hosted on a DevOps platform (in rare cases).
When you have a large project base, it can be interesting to automate project creation and import using the Web API. If you're getting started with Web API, check out the Web API page.
Only using the Web API
/api/projects/create is enough to create a local project. A name and a project key are the only necessary parameters.
To provision a project from a DevOps platform, SonarQube needs to communicate with the said platform using a personal access token.
This is done in two steps. First, get the personal access token using the
endpoint, then use the
POST api/alm_integrations/import_<yourdevopsplatform>_project to set up the automation.
- You'll first need to use the
POST api/alm_integrations/set_patendpoint to provide this token. Specify the following parameters:
pat: The personal access token itself.
almSetting: Optional. The DevOps Platform configuration name that you target. This can be hardcoded in your automation, or you can use
GET api/alm_settings/listto have the full list. If you have only one Devops platform configuration in your instance, you can skip this parameter.
username: Optional. Only for BitBucket Cloud, as the actual authentication token is the combination of the username and the personal access token.
2. Once you've provided the token, you can use the following import endpoints to set up the automation:
- Azure DevOps:
The details of how to use these endpoints are documented in the Web API documentation.
© 2008-2023, SonarSource S.A, Switzerland. Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution-NonCommercial 3.0 United States License. SONARQUBE is a trademark of SonarSource SA. All other trademarks and copyrights are the property of their respective owners.