search
Changelog NotificationsAPIAikido login

How to connect your Sonarcloud account to Aikido

With Aikido's Sonarcloud integration you can combine the powers of Sonarcloud's scanners with Aikido's de-noising engine to get a single dashboard to see all your relevant security issues.

Aikido will only import security-related findings from SonarCloud. No styling-related advice will be imported.

To set up the integration, follow these steps:

hashtag
1. Create an access token

To be able to connect to your Sonarcloud instance, Aikido needs to have an access token to make the API calls. To create this, login to your Sonarcloudarrow-up-right your environment and then follow these steps:

  1. Navigate to "My Account", via the avatar in the top-right corner.

  2. Click on "Securityarrow-up-right" in the tabs in the header of the page, which should take you to the page below.

  3. Enter a name for the token, use something descriptive like "AikidoSecurity integration token".

  4. Copy this token and keep it for the next step

SonarCloud security page for generating and managing user authentication tokens.

hashtag
2. Grab your organization's key

Next, you need to find your organization's key in Sonarcloud. This key is shown on the organization's overview page. ​ This page can be found by again opening the menu that's shown after clicking the avatar in the top-right, and then clicking on the organization you'd like to connect.

The organization's key is shown in the header of the page on the right-hand side.

SonarCloud dashboard for the ZebraSwap project, showing navigation and project details.

hashtag
3. Enable the integration

Go to the integration settings pagearrow-up-right in your Aikido account and scroll down to the "Third-Party Scanners" section. Click on the SonarQube integration card and click on "Connect SonarQube" on the next page.

hashtag
4. Connect your instance

From the dropdown select "Hosted on sonarcloud.io" for the instance kind. To connect your Sonarcloud environment Aikido needs 2 things:

  1. The access token you created in the first step

  2. The key of your organization collected on step 2

Fill both in their respective input fields and click on "Create". We'll let you know if we are able to connect to your environment. If this is the case we'll start scanning your environment for relevant vulnerabilities and report them in your "Feed" in Aikido.

SonarQube Integration setup form with instance, access token, and organization key fields.

Last updated

Was this helpful?