SonarQube webhook to notify GitLab

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube = sonarqube-developer-8.4.1.35646
    Scanner = sonar-scanner-4.4.0.2170-windows
  • what are you trying to achieve
    I want to create a webhook to notify GitLab after every scan of a C++ project
  • what have you tried so far to achieve this
    From GitLab
    I’ve created an Alert as follows

From SonarQube
I’ve created a Webhook as follows

Note that the URL is set with the Webhook URL from GitLab and the Secret is also set with the Authorization key from GitLab

Then I’ve executed a scan from SonarQube Runner to scan a C++ project and it has finished successfully.

==> but I’ve seen no new Alert created from the GitLab Alerts page

Then I’ve executed this statement from the curl prompt to verify.
curl -X GET -u bbf841b95150f6c7d501c3d3bfb5b7c564ae6d16: http://localhost:9000/api/webhooks/list

And got this message
{"webhooks":[{"key":"AXSU_QB_momsnw2oNezp","name":"GitLab","url":"https://gitlab.com/brianvkn/sonarqubehook/alerts/notify.json","latestDelivery":{"id":"AXSXRmA68Yocb3BQ-UHi","at":"2020-09-16T07:16:45-0700","success":false,"httpStatus":401,"durationMs":463},"secret":"ae6a5293dd68a0cc9c7bf3fbc6610aaf"}]}

==> httpStatus 401 is telling me that there was an issue with authentication. Could you help tell me what possibly was missing?

Thanks,

Brian

Hi Brian,

Unfortunately, none of your images came through. When I look at the source of your post I see references to mail.google.com so I don’t think what you intended is what happened.

 
Ann

Hi Ann,

Sorry about that.
Here is my issue report again. I’ve uploaded 3 images as well.

Thank you in advance for your time and assistance. I look forward to hearing from you soon.
-Brian

From GitLab
I’ve created an Alert as follows

From SonarQube
I’ve created a Webhook as follows

SonarQubeWebhook

Note that the URL is set with the Webhook URL from GitLab and the Secret is also set with the Authorization key from GitLab

Then I’ve executed a scan from SonarQube Runner to scan a C++ project and it has finished successfully.

SonarQubeScannerResult

==> but I’ve seen no new Alert created from the GitLab Alerts page

Then I’ve executed this statement from the curl prompt to verify.
curl -X GET -u bbf841b95150f6c7d501c3d3bfb5b7c564ae6d16: http://localhost:9000/api/webhooks/list

And got this message
{"webhooks":[{"key":"AXSU_QB_momsnw2oNezp","name":"GitLab","url":"https://gitlab.com/brianvkn/sonarqubehook/alerts/notify.json","latestDelivery":{"id":"AXSXRmA68Yocb3BQ-UHi","at":"2020-09-16T07:16:45-0700","success":false,"httpStatus":401,"durationMs":463},"secret":"ae6a5293dd68a0cc9c7bf3fbc6610aaf"}]}

==> httpStatus 401 is telling me that there was an issue with authentication. Could you help tell me what was missing?

Hi Brian,

(FYI, I’ve edited your post to put the images inline.)

I’m no GitLab expert, but maybe we can figure this out together. I guess the Alert on the GL side is to … “alert” you when it receives the webhook call from SonarQube?

On the SonarQube side, webhooks are called at the end of analysis report processing. You can see the result of a webhook call there in that same interface in your screenshot. There’s a link in the “last delivery” column to see the result:

So the first thing would be to check the response code your webhook delivery got. Then we can go from there.

 
Ann

Hi Ann,

Based on your screenshot, did your http://test.com receive a notification from your SonarQube webhook? How does the notification message look? Does it include the scanning results? If Yes, what is the format of the scanning results? Is it in JSON or CSV format?

Thanks,

Brian

Hi Brian,

To be honest, I didn’t pay close attention to the ‘to’ address when I took that screenshot. We don’t control test.com, which I suppose is why the webhook got a 301. The payload, as you can see from the second screenshot, is JSON.

But the question was what response code your webhook got.

 
Ann
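
Added example, not part of the original thread or of SonarQube's or GitLab's code: what the webhook Secret field discussed above does on the wire. SonarQube uses the secret as the key for an HMAC-SHA256 of the request body and sends the lowercase hex digest in the X-Sonar-Webhook-HMAC-SHA256 header, so a receiver has to recompute and compare it. The secret, payload fields and function names below are constructed for illustration.

```python
import hashlib
import hmac
import json

# Header SonarQube adds when a webhook has a Secret configured.
SIGNATURE_HEADER = "X-Sonar-Webhook-HMAC-SHA256"

# Constructed sample values for this example (not taken from the thread).
SAMPLE_SECRET = "example-webhook-secret"
SAMPLE_BODY = json.dumps({
    "serverUrl": "http://localhost:9000",
    "status": "SUCCESS",
    "project": {"key": "demo-cpp", "name": "Demo C++ project"},
    "qualityGate": {"status": "OK"},
}).encode("utf-8")


def sign(secret: str, body: bytes) -> str:
    """Lowercase hex HMAC-SHA256 of the raw request body, keyed with the secret."""
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()


def verify_delivery(secret: str, headers: dict, body: bytes):
    """Return the parsed payload when the signature matches, otherwise None."""
    # HTTP header names are case-insensitive, so match on the lowercased name.
    received = next((v for k, v in headers.items()
                     if k.lower() == SIGNATURE_HEADER.lower()), None)
    if not received:
        return None  # unsigned delivery, or a secret sent some other way
    expected = sign(secret, body).encode("ascii")
    # Compare as bytes in constant time; a non-ASCII header value cannot raise.
    if not hmac.compare_digest(expected, received.strip().lower().encode("utf-8")):
        return None
    try:
        return json.loads(body)
    except ValueError:
        return None  # correctly signed but not valid JSON


if __name__ == "__main__":
    signed = {SIGNATURE_HEADER: sign(SAMPLE_SECRET, SAMPLE_BODY)}
    print(verify_delivery(SAMPLE_SECRET, signed, SAMPLE_BODY))
    print(verify_delivery(SAMPLE_SECRET, signed, SAMPLE_BODY + b" "))
```

The signature must be computed over the raw bytes as received, before any JSON parsing or re-serialization, or the digests will not match.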