How to automate creation of work items in Azure DevOps based on Bugs, Vulnerabilities etc

Template for a good new topic, formatted with Markdown:

  • ALM used (Azure DevOps)
  • CI system used (Azure DevOps)
  • Scanner command used when applicable (private details masked)
  • Languages of the repository - .net primarily
  • Only if the SonarCloud project is public, the URL
    • And if you need help with pull request decoration, then the URL to the PR too
  • Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
    No Error as such
  • Steps to reproduce
  • Potential workaround

I would like to automate the creation of workitems in DevOps as bugs, vunerabilities and security hotspots are highlighed by sonarcloud. This will allow for us to reduce the feedback loop and make fixing convention and security issues easier and in a timely manner.

Would this required calling into a SC API if the build breaks based on SC checks or is there somethign built in im missing?

Thanks David


1 Like

Hi @davidjsteele

We currently don’t support this kind of scenario, but that’s definitely something to keep in mind for the future.

In the mean time, and as a party-automated workaroud, you can add a new reply on the comment that SonarCloud is writing on the PR, with a # + the number of the work item if you want to kind of link it.

You can read more about that here

Thank you.


1 Like

Hi Mickaël,
Thanks for the feedback - yeah guess the git # solution requires for a work item to be manually created and associated. Would suggest bi-directional comms for work item creation should defo be considered by the dev team across ALM instances. Would take a great product to a awesome product IMO only :slight_smile:
Thanks David

1 Like

We’re just evaluating SonarCloud and this request came straight in from our lead dev so +1 to it