SonarQube integration with SIEM, i.e. Splunk

Must-share information (formatted with Markdown):

  • which versions are you using: 9.9 LTS
  • how is SonarQube deployed: zip
  • what are you trying to achieve: passing some additional information from SQ to nice-looking dashboards in Splunk; leveraging advanced Splunk search and indexing capabilities to display more data about stats, i.e. vulnerabilities, bugs, projects per team, vulnerabilities per team, etc.
  • what have you tried so far to achieve this: installed Splunk locally, added /var/logs and other logs, poking around with dashboards.

Hi Colin, all :wink:

I am trying to get some additional data from SQ to our Splunk. I was just wondering, has anyone else tried that and has some more advanced use cases ready to share? If not, I may share our use cases later.

What I am working on right now in terms of logging and dashboards:

  • who accessed the main page of SQ before login
  • who logged in and how
  • how many users, projects, portfolios we have (to track how fast teams are adopting SQ), as well as to see what the coverage is between different tenants; we have more than one org. in SQ
  • who added a given project/portfolio
  • projects without tags
  • creating more friendly dashboards with vulnerabilities, vulnerabilities per team, per category etc.
  • capturing any other warnings or issues via logs (this can be manually checked by downloading a report from SQ, but I wish to automate this)

If you guys - community - have any other requests or have some valid, nice cases, please let me know.

Handy links I used till date:

Hello @aga,

Thanks for your insight, we really appreciate that you took the time to share it. We added your feedback internally to track the demand, but this feature is not part of our short-term plans at the moment.

Thanks for the reply on this topic - better late than never :wink:

Are you aware of any open-source solutions or Splunk community scripts, etc.?

Not that I am aware of, unfortunately.