Skip to main content

Set Up Integration from SonarQube to Elastic

SonarQube

Introduction

SonarQube is a self-hosted or cloud-enabled tool that scans source code to detect bugs, vulnerabilities, code smells, duplications, and coverage issues across 30+ languages. It integrates with build tools (Maven, Gradle, MSBuild) and CI/CD pipelines like Jenkins, GitLab, and GitHub Actions. With IDE plugins for VS Code, IntelliJ, Eclipse, and more, it enforces "Clean as You Code" practices during development. Built for DevSecOps, it can block pull requests or deployments if quality gates are not met.

 

Description:
SonarQube does not natively support direct integration with the Elastic Stack for sending code quality metrics. 

However, it can forward logs, metrics, or even SonarQube API data into Elasticsearch using custom setups.

 
What It Does:
  • Sends SonarQube logs to Elasticsearch for indexing and analysis in Kibana.

  • Optionally pushes code quality metrics (bugs, vulnerabilities, coverage, etc.) to Elasticsearch using custom scripts.

  • Enables unified observability of code health and platform behavior inside Elastic Stack.

     

Setup Steps

Option 1: Send Logs to Elastic Using Filebeat

 

Prepare SonarQube Logs

  • Locate logs (default path: /opt/sonarqube/logs/)

    • web.log

    • ce.log

    • es.log

    • sonar.log

Install Filebeat on the SonarQube Host

  • Install Filebeat from

    • https://www.elastic.co/docs/reference/beats/filebeat/filebeat-installation-configuration

 

Configure Filebeat to Read SonarQube Logs

Edit filebeat.yml:

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /opt/sonarqube/logs/*.log

output.elasticsearch:
  hosts: ["http://<elasticsearch-host>:9200"]
  username: "elastic"
  password: "your-password"

Start and Enable Filebeat

sudo systemctl enable filebeat
sudo systemctl start filebeat

 

 

Option 2: Push Metrics to Elastic via SonarQube API

 

Enable API Access in SonarQube

  • SonarQube provides a built-in Web API at:

    • http://<sonarqube-host>/api/measures/component

 

Build a Custom Script (Python Example)

Use the API to retrieve metrics like:

GET /api/measures/component?component=<project_key>&metricKeys=bugs,vulnerabilities,coverage

Then push to Elastic:

import requests, json

sonar_url = "http://<sonarqube>/api/measures/component"
params = {"component": "your_project", "metricKeys": "bugs,vulnerabilities,code_smells"}

res = requests.get(sonar_url, params=params)
data = res.json()

# Send to Elasticsearch
es_url = "http://<elasticsearch>:9200/sonarqube-metrics/_doc"
requests.post(es_url, headers={"Content-Type": "application/json"}, data=json.dumps(data))

 

What Happens Next?

ActionResult
SonarQube writes logsFilebeat ships them to Elasticsearch
Kibana receives log dataVisualize system behavior and performance
Script pulls SonarQube metricsElasticsearch stores code health data (via API)
Kibana dashboards can be createdVisualize bugs, vulnerabilities, coverage, etc.

 

Requirements

RequirementPurpose
FilebeatForwards log files to Elasticsearch
ElasticsearchStores both logs and custom metrics
SonarQube APISource of code quality data
Custom ScriptPulls metrics and pushes them to Elastic
Cron (optional)Automates periodic metric synchronization

 

Integration Mapping Summary

ComponentFunction
SonarQube LogsShipped to Elasticsearch via Filebeat
FilebeatCollects and forwards logs
ElasticsearchStores logs and metrics
SonarQube APIRetrieves code metrics like bugs, smells, coverage
Custom ScriptPushes metrics to Elasticsearch
KibanaVisualizes logs and code quality over time