API to enable AutoScan for GitHub repo

Rashad_Amirjanov · April 14, 2020, 2:42pm

Hi, Dears.
We are really excited to use the AutoScan feature of SonarCloud in our org.

To enable the AutoScan feature, we are adding GitHub repositories from https://sonarcloud.io/projects/create manually.

I want to ask, is there any possibility to enable AutoScan for GitHub repo with WebAPI?
Or enable this future for whole organization and for all entire repositories?

The first (1) option is more relevant.

Thanks in advance.

Gregoire_Aubert · April 15, 2020, 7:29am

Hello,

To answer your questions directly:

We currently don’t have any public API to do the import of repositories.
If your repositories are compatible with Autoscan it should be enabled by default when you import your projects.

Otherwise I’m wondering, do you know that you can import multiple projects at once ? Does this not answer your need ? Could you clarify your use case behind the need for an API to do the import ?

Rashad_Amirjanov · April 16, 2020, 6:55am

Hello, thanks for your answer.

Let me explain in other words. You know, we are working with microservices. And it means that you have dozens of repositories and every day we are creating a new repository. We automized the creation of repositories by integrating them with other DevSecOps tools (SNYK, Veracode, etc). So, now we want to import repo to SonarCloud immediately right after the creation of repo.

It is not the solution, because we want to add right after creation with API.

Gregoire_Aubert · April 16, 2020, 7:14am

Thanks for the explanation, it seems like a valid use case that we don’t support yet and as far as I know we don’t have plan to support it either. So I suggest that you do a feature request.

And unfortunately, in the mean time, I don’t really have any solution for you…

Rashad_Amirjanov · April 23, 2020, 1:56pm

Following requests directly from the site, I found out how to enable AutoScan for Github Repository automatically.

So, sharing script to make it publicly available and I hope it will help someone:

curl --include \
    --request POST \
    --header "Content-Type: application/x-www-form-urlencoded" \
    -u ${SONAR_TOKEN}: \
    --data-binary "installationKeys=${GITHUB_ORG}%2F${REPO_NAME}%7C${REPO_ID}&organization=${SONAR_ORG}" \
   "https://sonarcloud.io/api/alm_integration/provision_projects"

curl --include \
    -u ${SONAR_TOKEN}: \
   "https://sonarcloud.io/api/autoscan/eligibility?autoEnable=true&projectKey=${GITHUB_ORG}_${REPO_NAME}"

Thanks a lot.

tinomen · October 8, 2020, 2:18am

What does REPO_ID refer to? github or sonar id

FELIX_ORDUZ · September 27, 2021, 7:55pm

REPO_ID is the github id

red_888 · April 21, 2022, 1:48pm

I’m getting a 404 when trying to access

URL: https://sonarcloud.io/api/alm_integration/provision_projects

I’m using bitbucket

qaz333 · August 3, 2022, 4:49pm

Hey mate,

You have to use BitBucket repo UUID, so it’ll be like:

organization={org.name}&installationKeys={repo.uuid}

Also to note (because it was misleading for me), you should use this API instead of /api/projects/create and not in conjunction with it, as it creates project in SonarCloud itself.

Hope this helps

santos-edu · December 29, 2022, 11:37pm

It’s worked for me, thanks a lot