--- title: "SonarQube Server" canonical_url: "https://docs.getdx.com/connectors/sonarqube-server/" md_url: "https://docs.getdx.com/connectors/sonarqube-server.md" last_updated: "2026-06-18" --- # SonarQube Server By integrating SonarQube with DX, you can analyze security issues and metrics on code coverage, code smells, and vulnerabilities. Please refer to the API documentation below and our [schema explorer](https://docs.getdx.com/schema/) to see what data DX imports. ## Prerequisites To connect SonarQube to DX, you need: - SonarQube Server version 10 or later. DX authenticates with bearer tokens, which SonarQube Server supports starting in version 10. - a SonarQube account with admin access - allowlist [DX IP addresses](https://docs.getdx.com/allowlisting-dx/) if your SonarQube instance is behind a firewall or has IP restrictions ## Setup instructions Follow the steps below to connect SonarQube to DX. #### Step 1 Log in to your SonarQube account and navigate to **Account > Security**. #### Step 2 Generate a token of type **User** and copy the token. Please note that this token grants DX access to all [API endpoints](https://next.sonarqube.com/sonarqube/web_api0), although DX only makes requests to endpoints that are listed below. Further restriction of API endpoints can be achieved by setting up a proxy, if desired. #### Step 3 - Navigate to the connections page in DX and select "+ Connection" in the top right. - Enter the credentials you have generated in the previous steps—refer to the information below for errors and troubleshooting. ## API reference The table below lists the specific API endpoints that are used by DX. | Endpoint | Documentation | |---------------------------|---------------| | /projects/search | [link](https://next.sonarqube.com/sonarqube/web_api/api/projects/search) | | /issues/search | [link](https://next.sonarqube.com/sonarqube/web_api/api/issues/search) | | /hotspots/search | [link](https://next.sonarqube.com/sonarqube/web_api/api/hotspots/search) | | /measures/searchHistory | [link](https://next.sonarqube.com/sonarqube/web_api/api/measures/search_history) | | /measures/component | [link](https://next.sonarqube.com/sonarqube/web_api/api/measures/component) | | /metrics/search | [link](https://next.sonarqube.com/sonarqube/web_api/api/metrics/search) | ## Errors The table below lists potential error codes when adding a connection in DX. | Error | Description | |----------------------|------------------------------------------------------------------------------------------------------------------| | `invalid_credentials` | Your API credentials entered are not valid. | | `invalid_permissions` | Your API token does not have the permissions required by DX. | ## Troubleshooting #### I'm seeing "internal_server_error" error from API response This indicates that DX can't access server. Please verify API access using the following curl request: ``` curl --location 'https://{BASE_URL}/projects/search' \ --header 'Authorization: Bearer ****' ``` ## Data Cloud API Once the initial connection is created successfully, SonarQube credentials can be managed via the Data Cloud API. - [credentials.create](https://docs.getdx.com/datacloudapi/methods/credentials.create/) - [credentials.update](https://docs.getdx.com/datacloudapi/methods/credentials.update/) - [credentials.info](https://docs.getdx.com/datacloudapi/methods/credentials.info/) - [credentials.list](https://docs.getdx.com/datacloudapi/methods/credentials.list/) - [credentials.delete](https://docs.getdx.com/datacloudapi/methods/credentials.delete/) ### Credential fields | Field | Type | Description | | ----- | ---- | ----------- | | `secrets.api_token` | `String` | A SonarQube user token or project analysis token. | ```json { "id": 456, "secrets": { "api_token": "sqa_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" } } ``` --- ## Sitemap [Overview of all docs pages](/llms.txt)