
Set Up Integration from SonarQube to Elastic

SonarQube

Introduction

SonarQube is a self-hosted or cloud-enabled tool that scans source code to detect bugs, vulnerabilities, code smells, duplications, and coverage issues across 30+ languages. It integrates with build tools (Maven, Gradle, MSBuild) and CI/CD pipelines like Jenkins, GitLab, and GitHub Actions. With IDE plugins for VS Code, IntelliJ, Eclipse, and more, it enforces "Clean as You Code" practices during development. Built for DevSecOps, it can block pull requests or deployments if quality gates are not met.

 

Description:
SonarQube does not natively support direct integration with the Elastic Stack for sending code quality metrics. 

However, logs, metrics, or even SonarQube API data can be forwarded into Elasticsearch using custom setups.

 
What It Does:
  • Sends SonarQube logs to Elasticsearch for indexing and analysis in Kibana.

  • Optionally pushes code quality metrics (bugs, vulnerabilities, coverage, etc.) to Elasticsearch using custom scripts.

  • Enables unified observability of code health and platform behavior inside Elastic Stack.

     

 

Setup Steps

Option 1: Send Logs to Elastic Using Filebeat
Description:

Use Filebeat to collect and forward SonarQube logs to Elasticsearch for centralized logging and visualization in Kibana.

What It Does:

  • Automatically ships log files from the SonarQube server to Elasticsearch.

  • Allows real-time log monitoring, search, and alerting via Kibana.

  • Supports analysis of SonarQube behavior, errors, and performance patterns.

Steps

Prepare SonarQube Logs

  • Locate logs (default path: /opt/sonarqube/logs/)

    • web.log

    • ce.log

    • es.log

    • sonar.log

Install Filebeat on the SonarQube Host

  • Install Filebeat from

    • https://www.elastic.co/docs/reference/beats/filebeat/filebeat-installation-configuration

 

Configure Filebeat to Read SonarQube Logs

  • Edit filebeat.yml:

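filebeat.inputs:
  # Tail every SonarQube log file (web.log, ce.log, es.log, sonar.log)
  - type: log
    enabled: true
    paths:
      - /opt/sonarqube/logs/*.log

output.elasticsearch:
  # Plain http sends the credentials below unencrypted; use https:// where the cluster has TLS enabled
  hosts: ["http://<elasticsearch-host>:9200"]
  # Prefer a dedicated user limited to writing Filebeat indices over the elastic superuser
  username: "elastic"
  password: "your-password"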

  • Start and Enable Filebeat

sudo systemctl enable filebeat
sudo systemctl start filebeat

 

 

Option 2: Push Metrics to Elastic via SonarQube API

Description:
Use SonarQube’s built-in Web API to extract code quality metrics and push them into Elasticsearch using a custom script.

What It Does:

  • Retrieves metrics like bugs, vulnerabilities, code smells, and coverage.

  • Pushes data to an Elasticsearch index for dashboarding or analysis.

  • Enables tracking of project quality trends over time in Kibana.

Steps:

 

Enable API Access in SonarQube

  • SonarQube provides a built-in Web API at:

    • http://<sonarqube-host>/api/measures/component

 

Build a Custom Script (Python Example)

  • Use the API to retrieve metrics like:

    • GET /api/measures/component?component=<project_key>&metricKeys=bugs,vulnerabilities,coverage

  • Then use Python to fetch the metrics and push them to Elastic:

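    import requests

    # SonarQube Web API endpoint that returns measures for one component
    sonar_url = "http://<sonarqube>/api/measures/component"
    params = {"component": "your_project", "metricKeys": "bugs,vulnerabilities,code_smells"}

    # Fetch the metrics; stop on an HTTP error instead of indexing an error body
    res = requests.get(sonar_url, params=params, timeout=30)
    res.raise_for_status()
    data = res.json()

    # Send to Elasticsearch (add auth=(...) if the cluster requires credentials,
    # as in the Filebeat output above)
    es_url = "http://<elasticsearch>:9200/sonarqube-metrics/_doc"
    es_res = requests.post(es_url, json=data, timeout=30)
    es_res.raise_for_status()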
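The raw API response nests the measures in an array of string values and carries no timestamp, which makes trend charts in Kibana awkward. The following added example (not part of the original page) flattens it into one time-stamped document per run; the sample response is constructed, and the field names are assumptions.

```python
"""Added example: flatten a SonarQube measures response into one time-stamped
Elasticsearch document. Field names in the output are assumptions."""
import json
from datetime import datetime, timezone

# Constructed sample in the shape /api/measures/component returns.
SAMPLE_RESPONSE = {
    "component": {
        "key": "your_project",
        "name": "Your Project",
        "qualifier": "TRK",
        "measures": [
            {"metric": "bugs", "value": "3", "bestValue": False},
            {"metric": "vulnerabilities", "value": "0", "bestValue": True},
            {"metric": "coverage", "value": "81.4", "bestValue": False},
            {"metric": "code_smells"},  # metric with no computed value yet
        ],
    }
}


def to_number(raw):
    """SonarQube returns values as strings; convert so Kibana can aggregate."""
    try:
        return int(raw)
    except (TypeError, ValueError):
        pass
    try:
        return float(raw)
    except (TypeError, ValueError):
        return None


def to_es_doc(response, collected_at=None):
    """Return one flat document: project key, @timestamp, one field per metric."""
    component = response["component"]
    collected_at = collected_at or datetime.now(timezone.utc)
    doc = {"@timestamp": collected_at.isoformat(), "project": component["key"]}
    for measure in component.get("measures", []):
        value = to_number(measure.get("value"))
        if value is not None:  # skip missing or non-numeric values, keep zeros
            doc[measure["metric"]] = value
    return doc


if __name__ == "__main__":
    # The printed JSON is the body to POST to the sonarqube-metrics/_doc URL
    print(json.dumps(to_es_doc(SAMPLE_RESPONSE), indent=2))
```

Pass the result of `to_es_doc(res.json())` to the Elasticsearch POST in place of the raw response.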

     

What Happens Next?

| Action | Result |
|---|---|
| SonarQube writes logs | Filebeat ships them to Elasticsearch |
| Kibana receives log data | Visualize system behavior and performance |
| Script pulls SonarQube metrics | Elasticsearch stores code health data (via API) |
| Kibana dashboards can be created | Visualize bugs, vulnerabilities, coverage, etc. |

     

Requirements

| Requirement | Purpose |
|---|---|
| Filebeat | Forwards log files to Elasticsearch |
| Elasticsearch | Stores both logs and custom metrics |
| SonarQube API | Source of code quality data |
| Custom Script | Pulls metrics and pushes them to Elastic |
| Cron (optional) | Automates periodic metric synchronization |

     

Integration Mapping Summary

| Component | Function |
|---|---|
| SonarQube Logs | Shipped to Elasticsearch via Filebeat |
| Filebeat | Collects and forwards logs |
| Elasticsearch | Stores logs and metrics |
| SonarQube API | Retrieves code metrics like bugs, smells, coverage |
| Custom Script | Pushes metrics to Elasticsearch |
| Kibana | Visualizes logs and code quality over time |