Using an on-prem SonarQube server with Azure DevOps

Current situation:
We have an on-prem SonarQube server (Developer Edition, Version 8.4.1) which is only accessible from within the company’s local network. The server is used by multiple company projects. We have defined common quality gates and rule sets there.

The problem:
We are working on a new project which is not hosted in the same way as the other company projects, but instead we want to manage the project, code and pipelines in Azure DevOps. At the same time we want to use the on-prem SonarQube server to utilize the settings, rule sets, quality gates, etc. that we are already using in other projects.

The question(s):

  • Are we able to use our on-prem server in our company network and Azure DevOps together?
  • Is SonarQube for Azure DevOps ( Link to Marketplace ) the right choice?
  • When we install a plugin into Azure DevOps, what is the best way to connect it to the on-prem SonarQube server?

Note:

  • We don’t have any static or guaranteed IP address in Azure.
  • We don’t want to make our on-prem SonarQube server fully accessible from the internet.
  • Security is the priority.

Hi Josef, welcome to the community!

I assume you refer to Azure DevOps Services, hosted by Microsoft/Azure on the public cloud. Let me answer the questions below:

  • Are we able to use our on-prem server in our company network and Azure DevOps together? Yes. Azure DevOps Services is yet to be officially supported in the next LTS (ticket here), but we know of working setups already. The Azure DevOps environment will need to reach your SonarQube server, and your SonarQube server will also need to reach the Azure DevOps environment for some features to work (like Pull Request decoration and project onboarding). You will need your network team to open the communication to and from the SonarQube server in this sense.
  • Is SonarQube for Azure DevOps ( Link to Marketplace ) the right choice? Yes, please read how to integrate your Azure pipelines here. For the Azure Collection URL, use the base URL of your Organization, e.g. https://dev.azure.com/<your_azo_org>/
  • When we install a plugin into Azure DevOps, what is the best way to connect it to the on-prem SonarQube server? Please follow the instructions above, they should clarify this.

Hope it helps, cheers,
Daniel

Hello Daniel,
thanks for the answer.
We are going to upgrade the SonarQube server to 8.6 soon and when the next LTS is released, we will upgrade as soon as possible.

I have a question regarding the network communication. We cannot fully open the SonarQube server for incoming connections, but we are able to select particular API endpoints and make them available through a proxy. Is the API enough for the integration and the features (Pull Request decoration and project onboarding) to work? If yes, which API endpoints need to be accessible?

Hi Josef,

My advice is to open full access to SonarQube API for Azure DevOps. You can be restrictive based on the origin of the request instead of the exact API endpoint target of the request. We do not test our product in such a scenario and I wouldn’t be able to tell you all the endpoints that are used, which are many.

Hope that helps, regards,
Daniel
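
Restricting by request origin rather than by endpoint, as suggested in the reply above, can be sketched as an allowlist applied at the proxy in front of SonarQube; this is an added example, not part of the thread and not SonarSource code. The CIDR ranges are constructed placeholders from documentation address space, and `MIN_PREFIX` and the function names are assumptions.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space), standing in
# for the origin ranges you decide to trust. They are not real Azure ranges.
ALLOWED_ORIGINS = ["203.0.113.0/24", "198.51.100.16/28", "2001:db8:10::/48"]

# Assumption: refuse any entry broader than this, so a typo such as
# 0.0.0.0/0 cannot silently open the server to the whole internet.
MIN_PREFIX = {4: 16, 6: 32}


def parse_allowlist(cidrs):
    """Validate CIDRs strictly: reject host bits set and overly broad ranges."""
    nets = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # ValueError on host bits
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"{cidr} is too broad for an origin allowlist")
        nets.append(net)
    return nets


def is_allowed(peer_ip, nets):
    """Decide on the TCP peer address seen by the proxy, never on a header."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparseable peer address: deny
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so dual-stack listeners match.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in nets if net.version == addr.version)


def nginx_rules(nets):
    """Render nginx access rules covering every path, ending in default deny."""
    lines = [f"allow {net};" for net in nets]
    lines.append("deny all;")
    return "\n".join(lines)


if __name__ == "__main__":
    nets = parse_allowlist(ALLOWED_ORIGINS)
    print(nginx_rules(nets))
    for ip in ["203.0.113.7", "::ffff:198.51.100.20", "192.0.2.1"]:
        print(ip, is_allowed(ip, nets))
```

The generated rules apply to the whole SonarQube location rather than to individual API paths, so the decision depends only on where the connection comes from.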

Hi Josef/Daniel - I’m kind of stuck at the very same juncture/dilemma of opening up the entire server to public internet to allow access from Azure DevOps.

Maybe things have changed from the time this post was concluded.

Please provide inputs on controlling the public access and ability to integrate with ADO.

Thanks
Raghu