1. Home
  2. Integrations
  3. Integration with SonarCloud

Integration with SonarCloud

Reading this article you will learn how to integrate your SonarCloud account with your AppSec Phoenix organisation in order to retrieve vulnerabilities.

Prerequisites

In order to integrate SonarCloud with your AppSec Phoenix account, you should:

– Have access to the platform as an Organisation Admin user 
– Have access to your SonarCloud credentials

About SonarCloud

SonarCloud is a SaaS security scanner for static code analysis. When you integrate with your SonarCloud account, you can select the Organisation that you connect to in order to retrieve findings and issues.

Once you have created your integration you’ll be able to select which SonarCloud projects you associate with AppSec Phoenix components to retrieve vulnerabilities.

Create a new SonarCloud integration 

  1. On the sidebar menu navigate to the Scanners tab in the Integrations section.
  1. Click on the “Add Scanner” button on the right-hand side of the page. 
  1. In the first field, enter a name for this scanner integration and then select “SonarCloud” from under the SAST tab. Then click on “Next”. 
  1. You must now complete the following fields:
  • Organisation Key
  • User Token

Configuration Parameters

Organisation Key

Organisation Key refers to the unique identifier that SonarCloud assigns to each organisation. In order to get the organisation key, you need to log into your SonarCloud account. You can find this information near the top-right corner of the SonarCloud UI (e.g. “security-phoenix-demo” in the screenshot below).

Note: If you don’t have an organisation selected, click on the Account icon on the top-right corner and select one of your organisations.

User Token

If you don’t have a User Token you can generate a new one. Open the Account menu from the icon in the top-right corner (image above) and select “My Account”.

Within the My Account page select the security tab and click on the Generate button. Give the token a memorable name and confirm the creation. Remember to copy the token at this stage since there is no way of accessing this token again.

  1. Once all the required fields have been completed the “Create Scanner” button will become enabled. Click on this button to complete the scanner integration creation process.  

After the scanner integration is created the new entry will appear on the Scanners list page.

Updated on March 17, 2022

Related Articles

x Logo: Shield Security
This Site Is Protected By
Shield Security