Rebse
February 28, 2024, 6:32pm
4
I actually once asked the question of how Sonarqube works with DefectDojo in 2020, but did not receive a satisfactory answer at the time
Discussions on GitHub indicated efforts to create a dedicated API for extracting data from Sonarqube for DefectDojo, although ultimately it was decided not to proceed with this approach
opened 11:43AM - 15 Nov 18 UTC
closed 03:04PM - 10 Aug 19 UTC
enhancement
Import Scans
First of all, thank you for this amazing tool, I'm just starting to use it.
I… would like to use this recent Integration, however I am unable to generate HTML report in SonarQube.
Sample HTML file can be obtained at https://github.com/DefectDojo/sample-scan-files/blob/master/sonarqube/sonarqube_v6.7.5.html and it works like a charm.
I am also using SonarQube 6.7.5 version, on its Community Edition.
Having a look to HTML sample code, it contains some banner about @AdrienGuillerme employer, which leads me to think, that provided HTML report is an internal report generated by them. If so, would you mind to share how you generate it? Maybe some template / SonarQube API calls.
Thanks in advance.
This discussion also mentions some tool generating html reports in Sonarqube
Another Github issue highlighted a problem with setting up the integration due to connection errors and
opened 12:50PM - 24 Oct 23 UTC
closed 12:26AM - 11 Jan 24 UTC
**Problem description**
I'm trying to set up integration between SonarQube and … Defect Dojo. However, when I try to access SonarQube's API through Defect Dojo's Tool integration, I get an error.
**Steps to reproduce**
Steps to reproduce the behavior:
1. Start SonarQube
2. Create a user DefectDojo with an API access key in SonarQube
3. Start DefectDojo
4. Go to Tools configurator
5. Add Tool Type SonarQube, with the following info:
6. Url: "http://localhost:9000/api" (without double quotes)
7. Authentication type: API Key
8. Username "DefectDojo" (as username in SonarQube from step 2)
9. Password: as entered in SonarQube, used to try out for Auth type username/password
10. Title for SSH / API Key: DefectDojo (same as in step 8)
11. SSH kEy <empty>
12. API Key: as copied from SonarQube in step 2
13. Click on 'Submit'
I get the following error in Defect Dojo:
`HTTPConnectionPool(host='localhost', port=9000): Max retries exceeded with url: /api/components/search?qualifiers=TRK (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0xffffa2ada4d0>: Failed to establish a new connection: [Errno 111] Connection refused'))`
**Test Using CURL**
In a terminal, I perform the following:
$curl -u <token, same as step 12>: http://localhost:9000/api/user_tokens/search
I receive:
`{"login":"DefectDojo","userTokens":[{"name":"DefectDojo","createdAt":"2023-10-23T12:00:21+0000","lastConnectionDate":"2023-10-23T12:44:40+0000","type":"USER_TOKEN"}]}`
This tells me that both the user and the API token work on SonarQube's side.
**Expected behavior**
Defect Dojo can successfully connect to SonarQube
**Deployment method** *(select with an `X`)*
- Docker Compose
- SonarQube in Docker as well Community Edition Version 10.2.1 (build 78527)
**Environment information**
- Operating System: Docker / Alpine (?)
- DefectDojo version v. 2.27.0 ( release mode )
**Logs**
No corresponding logs are written in SonarQube
**Sample scan files**
NA
**Screenshots**
NA
**Additional context** (optional)
NA
There’s also a community post from 2023 without a solution
Hello!
I am using SonarQube and would like to integrate with Defectdojo. We already have some projects in sonar, and I would like to set a web hook in sonarqube, so that any results at each run of pipeline will be sent to defectdojo. I could not find any detailed information on webhooks. I don’t want to integrate sending to defectdojo through script in ci/cd, and I don’t want to create a third party between SonarQube and defectdojo. (third party catches the sonar webhook, parses it and sends to…
I have not done any further research into this matter.https://www.defectdojo.org/