SonarQube Cloud Integration

The Oobeya–Sonar Integration connects SonarQube Server and SonarQube Cloud with Oobeya’s Engineering Intelligence Platform, turning code quality and security data into actionable insights.

Delivering high-quality software requires continuous attention to code reliability, security, and maintainability. By integrating SonarQube Cloud with Oobeya, your teams gain end-to-end visibility into code quality, technical debt, and maintainability trends — all in one place.

1. Generate a SonarQube Cloud Token

A Personal Access Token (PAT) allows Oobeya to connect to your SonarQube Cloud organization securely.

The token creation & lifecycle rules are managed in your SonarQube Cloud My Account → Security page. See Managing Personal Access Tokens in the official docs. docs.sonarsource.com

Steps

Log in to SonarQube Cloud.
Click your user avatar (top-right) → My Account → Security.
In Tokens, enter a name (e.g., oobeya-integration) and select Generate.
Copy and store the token securely — it’s shown only once.

Good to know: SonarQube Cloud may automatically remove inactive tokens after a period (e.g., 60 days of inactivity). Rotate/renew tokens as needed. docs.sonarsource.com

2. Find Your Organization Key

Oobeya uses the Organization Key (not just the display name) to fetch projects from SonarQube Cloud.

Ways to get it

From the SonarQube Cloud UI: open your org; the key appears in the org page/URL (e.g., https://sonarcloud.io/organizations/<organization_key>/projects).
Or go to the org settings page and see/edit the Organization key.

3. Install the SonarQube Cloud Add-on in Oobeya

Log in to Oobeya with an Administrator account.
Navigate to Integrations.
Find SonarQube Cloud and click Install.

4. Add a New SonarQube Cloud Data Source

Go to Data Sources → SonarQube Cloud.
Click New Data Source.
Fill out the form:
- Name: e.g., SonarQube Cloud – Production
- API Token: (from Step 1)
- Organization Key: (from Step 2)
Click Test Connection to verify access.

5. Explore Your Code Quality Insights

After integration, Oobeya continuously imports your SonarQube Cloud metrics, including:

Issues: Bugs, Vulnerabilities, Code Smells
Quality Gate Status
Technical Debt
Maintainability, Reliability, Security ratings

View them in:

Dashboards — for portfolio/org visibility

Organizational, Team, and Individual Scorecards — to track trends & KPIs

Engineering Insights / Symptoms — to proactively detect unhealthy practices

Gamification — to drive positive behaviors

6. Troubleshooting

Issue

Possible Cause

Fix

401 Unauthorized

Invalid/expired token

Re-generate a valid token in My Account → Security and update the data source. docs.sonarsource.com

Organization not found

Wrong Organization Key (display name vs key)

Use the org key from the org URL or settings page. docs.sonarsource.com

No projects discovered

Token user lacks access / projects private via ALM binding

Ensure the token’s user actually has access to the organization and projects in SonarQube Cloud. Re-check ALM bindings/visibility in SonarQube Cloud.

Connection timeout

Corporate firewall/proxy blocks egress

Allow outbound access from Oobeya to https://sonarcloud.io and required endpoints.

SSL / TLS error

Middlebox/proxy inspection or cert issue

Ensure standard TLS outbound is allowed; avoid interception that breaks TLS handshakes.

Need help? Contact Oobeya Support or your Customer Success Manager.

Summary: Connect in 4 Steps

Step

Action

Result

Generate a SonarQube Cloud token

Secure API access

Get your Organization Key

Correct org scoping

Install the SonarQube Cloud add-on

Enable integration

Add Data Source & test

Start syncing insights

PreviousSonarQube Server Integration NextVeracode Integration

Last updated 13 days ago

Was this helpful?