SonarCloud is a SaaS security scanner for static code analysis. When you integrate with your SonarCloud account, you can select the Organisation that you connect to in order to retrieve findings and issues.
Once you have created your integration you’ll be able to select which SonarCloud projects you associate with AppSec Phoenix components to retrieve vulnerabilities.
Create a new SonarCloud integration
- On the sidebar menu navigate to the Scanners tab in the Integrations section.
- Click on the “Add Scanner” button on the right-hand side of the page.
- In the first field, enter a name for this scanner integration and then select “SonarCloud” from under the SAST tab. Then click on “Next”.
- You must now complete the following fields:
- Organisation Key
- User Token
Organisation Key refers to the unique identifier that SonarCloud assigns to each organisation. In order to get the organisation key, you need to log into your SonarCloud account. You can find this information near the top-right corner of the SonarCloud UI (e.g. “security-phoenix-demo” in the screenshot below).
Note: If you don’t have an organisation selected, click on the Account icon on the top-right corner and select one of your organisations.
If you don’t have a User Token you can generate a new one. Open the Account menu from the icon in the top-right corner (image above) and select “My Account”.
Within the My Account page select the security tab and click on the Generate button. Give the token a memorable name and confirm the creation. Remember to copy the token at this stage since there is no way of accessing this token again.
- Once all the required fields have been completed the “Create Scanner” button will become enabled. Click on this button to complete the scanner integration creation process.
After the scanner integration is created the new entry will appear on the Scanners list page.