SonarQube Cloud Integration

The Oobeya–Sonar Integration connects SonarQube and SonarCloud with Oobeya’s Engineering Intelligence Platform, turning code quality and security data into actionable insights.

Delivering high-quality software requires continuous attention to code reliability, security, and maintainability. By integrating SonarCloud with Oobeya, your teams gain end-to-end visibility into code quality, technical debt, and maintainability trends — all in one place.

1. Generate a SonarCloud Token

A Personal Access Token (PAT) allows Oobeya to connect to your SonarCloud organization securely.

The token creation & lifecycle rules are managed in your SonarCloud My Account → Security page. See Managing Personal Access Tokens in the official docs. docs.sonarsource.com

Steps

  1. Log in to SonarCloud.

  2. Click your user avatar (top-right) → My AccountSecurity.

  3. In Tokens, enter a name (e.g., oobeya-integration) and select Generate.

  4. Copy and store the token securely — it’s shown only once.

Good to know: SonarCloud may automatically remove inactive tokens after a period (e.g., 60 days of inactivity). Rotate/renew tokens as needed. docs.sonarsource.com

2. Find Your Organization Key

Oobeya uses the Organization Key (not just the display name) to fetch projects from SonarCloud.

Ways to get it

  • From the SonarCloud UI: open your org; the key appears in the org page/URL (e.g., https://sonarcloud.io/organizations/<organization_key>/projects).

  • Or go to the org settings page and see/edit the Organization key.

3. Install the SonarCloud Add-on in Oobeya

  1. Log in to Oobeya with an Administrator account.

  2. Navigate to Integrations.

  3. Find SonarCloud and click Install.

4. Add a New SonarCloud Data Source

  1. Go to Data Sources → SonarCloud.

  2. Click New Data Source.

  3. Fill out the form:

    • Name: e.g., SonarCloud – Production

    • Base URL: https://sonarcloud.io

    • Organization Key: (from Step 2)

    • User Token: (from Step 1)

  4. Click Test Connection to verify access.

5. Explore Your Code Quality Insights

After integration, Oobeya continuously imports your SonarCloud metrics, including:

  • Issues: Bugs, Vulnerabilities, Code Smells

  • Quality Gate Status

  • Technical Debt

  • Maintainability, Reliability, Security ratings

View them in:

  • Dashboards — for portfolio/org visibility

Improved visibility and ownership

  • Organizational, Team, and Individual Scorecards — to track trends & KPIs

Team Scorecards

  • Engineering Insights / Symptoms — to proactively detect unhealthy practices

Code Quality Insights: Auto-detected Symptoms

  • Gamification — to drive positive behaviors

Code Quality and Security metrics in gamification

6. Troubleshooting

Issue
Possible Cause
Fix

401 Unauthorized

Invalid/expired token

Re-generate a valid token in My Account → Security and update the data source. docs.sonarsource.com

Organization not found

Wrong Organization Key (display name vs key)

Use the org key from the org URL or settings page. docs.sonarsource.com

No projects discovered

Token user lacks access / projects private via ALM binding

Ensure the token’s user actually has access to the organization and projects in SonarCloud. Re-check ALM bindings/visibility in SonarCloud.

Connection timeout

Corporate firewall/proxy blocks egress

Allow outbound access from Oobeya to https://sonarcloud.io and required endpoints.

SSL / TLS error

Middlebox/proxy inspection or cert issue

Ensure standard TLS outbound is allowed; avoid interception that breaks TLS handshakes.

Need help? Contact Oobeya Support or your Customer Success Manager.

Summary: Connect in 4 Steps

Step
Action
Result

1

Generate a SonarCloud token

Secure API access

2

Get your Organization Key

Correct org scoping

3

Install the SonarCloud add-on

Enable integration

4

Add Data Source & test

Start syncing insights

PreviousSonarQube IntegrationNextVeracode Integration

Last updated

Was this helpful?