Version: SonarQube Enterprise EditionVersion 8.9.8 (build 54436)
Deployed: on-premise (specific technology not really relevant in this case)
What do we want to do: We have Azure DevOps pipelines that are using the cloud based build agent that we would like to hook up to our on-premise SonarQube using the SonarQube ADO plugin (GitHub - SonarSource/sonar-scanner-vsts: SonarQube TFS/VSTS Marketplace Extension). Our on-premise Sonar is NOT externally exposed, thus we need a route to get to it. One potential solution to this that we can easily secure is to utilize Azure API Manager to secure the route from ADO into our internal network. This however assumes that the SonarQube ADO plugin uses the Sonar web API’s and identifying which API’s it is consuming to define in the manager (have to define them as some are get’s and some are post’s). An OpenAPI Spec would make this easier.
So simplify the question: Is it known what API’s what the ADO/VSTS Sonar Scanner plug-in requires access to?
Secondary question, has anyone gone the extra mile and created at least a skeleton OpenAPI Spec for the Sonar web API’s?
Make sure you 