Your teammate for Code Quality and Code Security
SonarQube® is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.
Release Quality Code
Catch tricky bugs to prevent undefined behavior from impacting end-users.
Fix vulnerabilities that compromise your app, and learn AppSec along the way with Security Hotspots.
Make sure your codebase is clean and maintainable, to increase developer velocity!
Before you begin:
- Download and install SonarQube.
- Set up a Connection, which is a source of users. Connections can be databases, social identity providers, or enterprise identity providers, and can be shared among different applications. You may set up more than one connection for use with SSO integrations.
Configure Auth0 SSO Integration
Enter a name for your SSO Integration, configure the following settings, and click Save.
| Setting | Description |
|---|---|
| Callback URL | URL to which the user is redirected after login |
Configure integration with SonarQube
To configure the integration with SonarQube, follow the steps below using the data shown in the Tutorial view.
- Sign in to SonarQube with an admin account.
- Go to Administration > Configuration > General Settings > Security > SAML.
- Set Enabled to true.
- Enter an Application ID or leave the default value (sonarqube).
- Enter a Provider Name to show in your SonarQube login page.
- In Provider ID enter the Issuer.
- In SAML login url, enter the Login URL.
- In Provider certificate paste the x.509 certificate.
- In login and name SAML attributes enter
- Save all the values.
For more details, you can follow SonarQube docs, SAML section.
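A pre-flight check for the three values copied from the Tutorial view (Issuer, Login URL, x.509 certificate), shown as an added example that is not part of the original guide or of SonarQube or Auth0. It catches an empty Issuer, a non-https Login URL and a certificate that was cut off when pasted; the function names, the tenant.example values and the stand-in certificate are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_from_pem(pem: str) -> bytes:
    """Return the DER bytes of a pasted PEM certificate, or raise ValueError."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("missing BEGIN/END CERTIFICATE markers")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    # An X.509 certificate is one DER SEQUENCE: tag 0x30, then a length
    # that must account for every remaining byte. A cut-off paste fails here.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: low 7 bits = count of length bytes
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return der

def preflight(issuer: str, login_url: str, cert_pem: str) -> dict:
    """Check the Issuer, Login URL and certificate before saving them in SonarQube."""
    problems = []
    if not issuer.strip():
        problems.append("Provider ID (Issuer) is empty")
    url = urlparse(login_url.strip())
    if url.scheme != "https" or not url.netloc:
        problems.append("SAML login url is not an absolute https URL")
    sha256 = None
    try:
        sha256 = hashlib.sha256(der_from_pem(cert_pem)).hexdigest()
    except ValueError as exc:
        problems.append(f"Provider certificate: {exc}")
    return {"problems": problems, "sha256": sha256}

def sample_pem(drop_chars: int = 0) -> str:
    """Constructed stand-in: valid outer DER framing only, not a real certificate."""
    body = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body[:len(body) - drop_chars] + "\n-----END CERTIFICATE-----"

if __name__ == "__main__":
    print(preflight("urn:tenant.example", "https://tenant.example/samlp/abc", sample_pem()))
    print(preflight("", "http://tenant.example/samlp/abc", sample_pem(8)))
```

The returned `sha256` is the fingerprint of the pasted certificate, which can be compared with the fingerprint of the certificate file downloaded from the identity provider to confirm nothing changed in the copy.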
Choose the connections to use with your SSO integration. Users in enabled connections will be allowed to log in to SonarQube. By default, all configured connections are enabled.
- Select the Connections view.
- Toggle the sliders next to connection names to enable or disable them.