Set Up Integration from SonarQube to Elastic
SonarQube
Introduction
SonarQube is a self-hosted or cloud-enabled tool that scans source code to detect bugs, vulnerabilities, code smells, duplications, and coverage issues across 30+ languages. It integrates with build tools (Maven, Gradle, MSBuild) and CI/CD pipelines like Jenkins, GitLab, and GitHub Actions. With IDE plugins for VS Code, IntelliJ, Eclipse, and more, it enforces "Clean as You Code" practices during development. Built for DevSecOps, it can block pull requests or deployments if quality gates are not met.
Description:
SonarQube does not natively support direct integration with the Elastic Stack for sending code quality metrics.
However, it can forward logs, metrics, or even SonarQube API data into Elasticsearch using custom setups.
What It Does:
-
Sends SonarQube logs to Elasticsearch for indexing and analysis in Kibana.
-
Optionally pushes code quality metrics (bugs, vulnerabilities, coverage, etc.) to Elasticsearch using custom scripts.
-
Enables unified observability of code health and platform behavior inside Elastic Stack.
Setup Steps
Option 1: Send Logs to Elastic Using Filebeat
Prepare SonarQube Logs
-
Locate logs (default path: /opt/sonarqube/logs/)
-
web.log
-
ce.log
-
es.log
-
sonar.log
-
Install Filebeat on the SonarQube Host
-
Install Filebeat from
-
https://www.elastic.co/docs/reference/beats/filebeat/filebeat-installation-configuration
-
Configure Filebeat to Read SonarQube Logs
Edit filebeat.yml:
filebeat.inputs:
- type: log
enabled: true
paths:
- /opt/sonarqube/logs/*.logoutput.elasticsearch:
hosts: ["http://<elasticsearch-host>:9200"]
username: "elastic"
password: "your-password"
Start and Enable Filebeat
sudo systemctl enable filebeat
sudo systemctl start filebeat
Option 2: Push Metrics to Elastic via SonarQube API
Enable API Access in SonarQube
-
SonarQube provides a built-in Web API at:
-
http://<sonarqube-host>/api/measures/component
-
Build a Custom Script (Python Example)
Use the API to retrieve metrics like:
GET /api/measures/component?component=<project_key>&metricKeys=bugs,vulnerabilities,coverage
Then push to Elastic:
import requests, json
sonar_url = "http://<sonarqube>/api/measures/component"
params = {"component": "your_project", "metricKeys": "bugs,vulnerabilities,code_smells"}res = requests.get(sonar_url, params=params)
data = res.json()# Send to Elasticsearch
es_url = "http://<elasticsearch>:9200/sonarqube-metrics/_doc"
requests.post(es_url, headers={"Content-Type": "application/json"}, data=json.dumps(data))
What Happens Next?
| Action | Result |
|---|---|
| SonarQube writes logs | Filebeat ships them to Elasticsearch |
| Kibana receives log data | Visualize system behavior and performance |
| Script pulls SonarQube metrics | Elasticsearch stores code health data (via API) |
| Kibana dashboards can be created | Visualize bugs, vulnerabilities, coverage, etc. |
Requirements
| Requirement | Purpose |
|---|---|
| Filebeat | Forwards log files to Elasticsearch |
| Elasticsearch | Stores both logs and custom metrics |
| SonarQube API | Source of code quality data |
| Custom Script | Pulls metrics and pushes them to Elastic |
| Cron (optional) | Automates periodic metric synchronization |
Integration Mapping Summary
| Component | Function |
|---|---|
| SonarQube Logs | Shipped to Elasticsearch via Filebeat |
| Filebeat | Collects and forwards logs |
| Elasticsearch | Stores logs and metrics |
| SonarQube API | Retrieves code metrics like bugs, smells, coverage |
| Custom Script | Pushes metrics to Elasticsearch |
| Kibana | Visualizes logs and code quality over time |