Connect with SonarQube

Tip: The SonarQube integration is in beta. To request access, contact Harness Support.

SonarQube is an open-source platform for continuous inspection of code quality. It performs automatic static analysis to detect bugs, code quality issues, and security vulnerabilities.

Once configured, Harness SEI ingests and validates SonarQube code quality data. On initial setup, Harness SEI backfills up to 6 months of historical code quality findings.

Prerequisites

Before you begin, ensure that you have:

  • An SEI Admin role
  • Access to a SonarQube or SonarQube Cloud account, with the ability to generate a SonarQube API token that has read access to the required organizations and projects

Create a SonarQube API token

To configure the SonarQube integration, create an API token in SonarQube. The token must be either a User Token or a Global Analysis Token, and have permission to read organization and project-level analysis data. For SonarQube Cloud, tokens are associated with a user and scoped by that user's organization access.

The token must have access to all organizations and projects you want SEI to monitor, and the following required permission:

Permission: Browse
Why it's required: Allows SEI to access projects, metrics, issues, and quality gate status

Harness recommends using a service account user token with read-only access and no expiry or a long-term expiry (1+ year). This helps ensure uninterrupted ingestion and avoids issues caused by employee turnover.

SonarQube tokens can also be scoped at the organization level. For more information about creating scoped organization tokens, see the official SonarQube documentation.

Info: If your SonarQube instance uses an allowlist, ensure that the required Harness IP addresses are permitted. For more information, see Harness Platform IPs.
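Before handing a token to SEI, it is worth confirming that SonarQube accepts it and that every case-sensitive project key you plan to enter is readable with the Browse permission. The following Python script is an added example, not code from Harness or SonarQube; it assumes the standard SonarQube Web API endpoints (/api/authentication/validate and /api/qualitygates/project_status), the convention of passing the token as the Basic-auth username with an empty password, and that 403 signals missing Browse permission while 404 signals an unknown or mis-cased key.

```python
"""Pre-flight check of a SonarQube token against the projects SEI will ingest."""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumed SonarQube Web API paths (same on SonarQube Server and SonarQube Cloud).
VALIDATE_PATH = "/api/authentication/validate"
GATE_PATH = "/api/qualitygates/project_status"


def build_fetcher(base_url, token):
    """Return fetch(path, params) -> (http_status, parsed_json), authenticating with the token."""
    auth = base64.b64encode(f"{token}:".encode()).decode()  # token as Basic-auth user, empty password

    def fetch(path, params=None):
        url = base_url.rstrip("/") + path
        if params:
            url += "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
        try:
            with urllib.request.urlopen(req, timeout=15) as resp:
                return resp.status, json.loads(resp.read() or b"{}")
        except urllib.error.HTTPError as err:
            return err.code, {}
    return fetch


def check_token(fetch):
    """True only when SonarQube reports the token as valid (anonymous calls return valid=false)."""
    status, body = fetch(VALIDATE_PATH)
    return status == 200 and body.get("valid") is True


def check_projects(fetch, project_keys):
    """Map each key to 'ok' (Browse works), 'forbidden' (no Browse) or 'not_found' (bad or mis-cased key)."""
    results = {}
    for key in project_keys:
        status, body = fetch(GATE_PATH, {"projectKey": key})
        if status == 200 and "projectStatus" in body:
            results[key] = "ok"
        elif status == 403:
            results[key] = "forbidden"
        else:
            results[key] = "not_found"
    return results


def preflight(base_url, token, project_keys):
    """Run both checks the way SEI's connection validation would exercise the token."""
    fetch = build_fetcher(base_url, token)
    if not check_token(fetch):
        return {"token_valid": False, "projects": {}}
    return {"token_valid": True, "projects": check_projects(fetch, project_keys)}
```

Any key reported as not_found is usually a case mismatch, since SonarQube project keys are case-sensitive; any key reported as forbidden needs Browse granted to the token's user before SEI can ingest it.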

Add the integration

To add the integration:

  1. From the SEI navigation menu, click Account Management.

  2. On the Integrations page, select the Available Integrations tab.

  3. Locate the SonarQube integration and click Add Integration.

  4. In the Overview section, provide a name for the integration (for example, SonarQube Production) and optionally, add tags.

  5. Click Continue.

  6. Add your SonarQube instance URL (for example, https://sonarcloud.io) in the SonarQube URL field.

  7. Enter your SonarQube API token in the API Token field. The token must be a User Token or Global Analysis Token.

  8. Click Continue.

  9. Optionally, limit ingestion to a specific organization or set of projects by entering a name in the Organization field and a project key in the Project Keys field.

    • Project keys are case-sensitive.
    • Leave the Project Keys field empty to ingest all projects.

  10. Click Continue to validate the connection.

  11. Once validation succeeds, click Finish.

Integration monitoring

Once you've configured the integration, you can monitor ingestion activity on the Monitoring tab in the SonarQube integration page.

The Monitoring tab displays ingestion logs that show the status and execution details of each sync. You can filter logs by Status, such as Success, Failed, Pending, or Scheduled.

Ingestion logs

You can use ingestion logs to validate successful syncs and troubleshoot ingestion issues. Each ingestion run includes the following information:

Column: Description
Scan Range Time: The time window for which data was retrieved.
Data Retrieval Process: The ingestion process used.
Task Start Time: When the job started.
Status: Execution status (for example, Success or Failed).
Time to Complete: Total runtime for the job.
Retries: Number of retries before completion.