🔍

SonarQube

Available

SonarQube provides continuous code quality and security analysis. Integrate code issues, bugs, and security vulnerabilities directly into your tapioca workflow.

Get Started Documentation Official Website

What you can do

Import code quality issues as tasks

Track technical debt in tapioca

Create tasks for security hotspots

Link issues to specific code files

View quality gate status per project

Automatic task updates on re-analysis

Setup Instructions

Configure SonarQube webhook

In SonarQube, go to Administration → Webhooks and add a new webhook with your tapioca integration URL.

Connect in tapioca

Navigate to Settings → Integrations → SonarQube and enter your SonarQube server URL and access token.

Map projects

Link your SonarQube projects to tapioca projects. Issues will be created in the corresponding tapioca project.

Configure issue types

Choose which SonarQube issue types (bugs, vulnerabilities, code smells) should create tapioca tasks.

Configuration Reference

Option	Type	Required	Description
server_url	string	Yes	Your SonarQube server URL
token	string	Yes	SonarQube access token with project read permissions
issue_types	string[]	No	Issue types to import Default: `["BUG", "VULNERABILITY"]`
severity_filter	string[]	No	Minimum severity levels Default: `["MAJOR", "CRITICAL", "BLOCKER"]`
sync_interval	number	No	Sync interval in minutes Default: `30`

Troubleshooting

Cannot connect to SonarQube server

Verify the server URL includes the protocol (http/https) and check that your token has the required permissions.

Issues are not syncing

Check the webhook configuration in SonarQube. The webhook URL must be accessible from your SonarQube server.

Too many tasks being created

Adjust the severity filter and issue type settings to only import the most critical issues.

Related Integrations

🔒 Trivy 🐙 GitHub 🦊 GitLab

Need help with this integration?

Our team is here to help you get set up and running.

View Documentation Contact Support