Set Up Integration from SonarQube

SonarQube

Introduction

SonarQube is a self-hosted or cloud-enabled tool that scans source code to detect bugs, vulnerabilities, code smells, duplications, and coverage issues across 30+ languages. It integrates with build tools (Maven, Gradle, MSBuild) and CI/CD pipelines like Jenkins, GitLab, and GitHub Actions. With IDE plugins for VS Code, IntelliJ, Eclipse, and more, it enforces "Clean as You Code" practices during development. Built for DevSecOps, it can block pull requests or deployments if quality gates are not met.

Description:
SonarQube does not natively support direct integration with the Elastic Stack for sending code quality metrics. 

However, it can forward logs, metrics, or even SonarQube API data into Elasticsearch using custom setups.

What It Does:

• Sends SonarQube logs to Elasticsearch for indexing and analysis in Kibana.

• Optionally pushes code quality metrics (bugs, vulnerabilities, coverage, etc.) to Elasticsearch using custom scripts.

• Enables unified observability of code health and platform behavior inside Elastic Stack.

   

Option 1: Send Logs to Elastic Using Filebeat

Description:

Use Filebeat to collect and forward SonarQube logs to Elasticsearch for centralized logging and visualization in Kibana.

What It Does:

• Automatically ships log files from the SonarQube server to Elasticsearch.

• Allows real-time log monitoring, search, and alerting via Kibana.

• Supports analysis of SonarQube behavior, errors, and performance patterns.

Steps

Prepare SonarQube Logs

• Locate logs (default path: /opt/sonarqube/logs/)

  • web.log

  • ce.log

  • es.log

  • sonar.log

Install Filebeat on the SonarQube Host

• Install Filebeat from

  • https://www.elastic.co/docs/reference/beats/filebeat/filebeat-installation-configuration

Configure Filebeat to Read SonarQube Logs

• Edit filebeat.yml configuration file:

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /opt/sonarqube/logs/*.log

output.elasticsearch:
  hosts: ["http://<elasticsearch-host>:9200"]
  username: "elastic"
  password: "your-password"

• Start and Enable Filebeat

sudo systemctl enable filebeat
sudo systemctl start filebeat

Option 2: Push Metrics to Elastic via SonarQube API

Description:
Use SonarQube’s built-in Web API to extract code quality metrics and push them into Elasticsearch using a custom script.

What It Does:

• Retrieves metrics like bugs, vulnerabilities, code smells, and coverage.

• Pushes data to an Elasticsearch index for dashboarding or analysis.

• Enables tracking of project quality trends over time in Kibana.

Steps:

Enable API Access in SonarQube

• SonarQube provides a built-in Web API at:

• • http://<sonarqube-host>/api/measures/component
    

• Use the API to retrieve metrics like:

GET /api/measures/component?component=<project_key>&metricKeys=bugs,vulnerabilities,coverage

Build a Custom Script (Python Example) 

• Use Python to fetch and send metrics:

import requests, json

sonar_url = "http://<sonarqube>/api/measures/component"
params = {"component": "your_project", "metricKeys": "bugs,vulnerabilities,code_smells"}

res = requests.get(sonar_url, params=params)
data = res.json()

# Send to Elasticsearch
es_url = "http://<elasticsearch>:9200/sonarqube-metrics/_doc"
requests.post(es_url, headers={"Content-Type": "application/json"}, data=json.dumps(data))

What Happens Next?

Requirements

Integration Mapping Summary