  • Cihat Erdağ

SONARQUBE – JIRA INTEGRATION USING REST API





Ensuring the security of written code is an important part of DevSecOps.


Sonarqube is one of the most widely used code scanning tools. For the team to manage its findings well, they need to be integrated with products such as Jira.



In this article, we explain how Sonarqube issues can be created automatically as Jira issues with labels such as bug, vulnerability and code smell. We wrote a middleware in Python that uses the Sonarqube Web API and the Jira Cloud REST API.


Our overall algorithm is as follows:


  1. Fetch active issues from Sonarqube

  2. Fetch active issues from Jira

  3. Check if Sonarqube issue is already created in Jira

     • If so, update Jira issue.

     • Otherwise, create a new Jira issue


Get All Issues From Sonarqube



We send a GET request to the /api/issues/search endpoint to retrieve all issues from Sonarqube. It returns JSON data, which we then parse.





Check and Create Jira Issues





We need to define which fields we want to take from the returned JSON data and transfer to Jira. Our script also checks whether the Sonarqube issue has already been created in Jira.


Post Issues to Jira


We used the following Jira REST API endpoint to create issues:

POST rest/api/2/issue


https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-group-issues




To access Jira projects, you need to create an authentication token and send it with every request. In the script, we used HTTP Basic Authentication. You may also need to give appropriate permissions to the user the token is created for (e.g. permission to manage issues).

To store the name of the external issuer (Sonarqube) and the ID of the external issue, we created two custom fields in our Jira project. In the Jira API's JSON response there are multiple key names starting with "customfield", so we needed to figure out which of them correspond to our Sonarqube-related fields (here customfield_10058 and customfield_10056).



After mapping the Sonarqube fields to the corresponding parts of the Jira API structure, we are able to create Sonarqube issues in the Jira project.
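The check-then-create-or-update step of the algorithm above, as an added example that is not the authors' script: it maps Sonarqube issues to Jira fields and decides offline which ones need a new Jira issue. Which of the two custom fields holds the issuer name and which the issue key, the project key `SEC`, the issue type `Task`, the label spellings and all sample data are assumptions.

```python
# Assumptions (not from the article): which custom field holds which value,
# the project key "SEC", the issue type "Task", and the label spellings.
FIELD_ISSUER = "customfield_10058"  # assumed: name of the external issuer
FIELD_EXT_ID = "customfield_10056"  # assumed: Sonarqube issue key
# Jira labels cannot contain spaces, hence "code-smell".
LABELS = {"BUG": "bug", "VULNERABILITY": "vulnerability", "CODE_SMELL": "code-smell"}


def to_jira_fields(sq_issue, project_key="SEC"):
    """Map one entry of the /api/issues/search "issues" array to Jira fields."""
    location = sq_issue["component"]
    if "line" in sq_issue:  # file-level findings carry no line number
        location += f":{sq_issue['line']}"
    return {
        "project": {"key": project_key},
        "issuetype": {"name": "Task"},
        "summary": f"[{sq_issue['severity']}] {sq_issue['message']}"[:255],  # Jira limit
        "description": f"Rule {sq_issue['rule']} at {location}",
        "labels": [LABELS.get(sq_issue["type"], "sonarqube")],
        FIELD_ISSUER: "Sonarqube",
        FIELD_EXT_ID: sq_issue["key"],
    }


def plan_sync(sq_issues, jira_issues):
    """Split Sonarqube issues into Jira creates and (jira_key, fields) updates."""
    existing = {
        j["fields"][FIELD_EXT_ID]: j["key"]
        for j in jira_issues
        if j["fields"].get(FIELD_ISSUER) == "Sonarqube" and j["fields"].get(FIELD_EXT_ID)
    }
    creates, updates = [], []
    for sq in sq_issues:
        fields = to_jira_fields(sq)
        if sq["key"] in existing:
            updates.append((existing[sq["key"]], fields))
        else:
            creates.append({"fields": fields})  # body for POST rest/api/2/issue
    return creates, updates


# Constructed sample data, shaped like the two APIs' JSON responses.
SQ_ISSUES = [
    {"key": "AX-1", "rule": "demo:rule-1", "severity": "CRITICAL", "type": "VULNERABILITY",
     "component": "app:src/db.py", "line": 42, "message": "Query built from user input"},
    {"key": "AX-2", "rule": "demo:rule-2", "severity": "MINOR", "type": "CODE_SMELL",
     "component": "app:src/util.py", "message": "Unused local variable"},
]
JIRA_ISSUES = [{"key": "SEC-7", "fields": {FIELD_ISSUER: "Sonarqube", FIELD_EXT_ID: "AX-1"}}]
```

Matching on both the issuer field and the external ID keeps tickets from other sources out of the duplicate check, so re-running the script does not open a second Jira issue for the same finding.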




Secure Computing Blog

Here you can find the cyber security topics that everyone working alongside us wants to write about. #securecomputing #cybersecurity #blog