SonarQube is an open-source tool suite to measure and analyze the quality of source code. It focuses on the following code quality areas, which are referred to as the “7 axes of code quality”: comments, architecture and design, duplication, coding rules, potential bugs, unit tests, and complexity. The SonarQube plugin uses webhooks to retrieve data from SonarQube and the results are displayed on HCL Accelerate dashboard.

Quick Info

HCL Accelerate
HCL Accelerate version 2.0 or later
Created by
HCL Software
Updated Date
June 14, 2021
Version Name Modified date Action


ucv-ext-sonarqube:1.0.34.tar 08-Feb-2021 07:43


ucv-ext-sonarqube:1.0.42.tar 14-Jun-2021 10:22






HCL Accelerate elevates the value of code quality data by providing a rich context for visibility, analysis, and results. SonarQube metrics used by HCL Accelerate include bugs, code smells, and security vulnerabilities. From an operational perspective, continuous integration often relies on quality gates to keep code quality high. HCL Accelerate is designed for operational value as well.

SonarQube integrates with HCL Accelerate by targeting an integration endpoint URL with a webhook. SonarQube will then notify that endpoint to retrieve data whenever a project analysis finishes. The following diagram shows the flow between SonarQube and HCL Accelerate.


The following table describes the changes made in each plugin version.

Plugin history details
Version Description
1.0.42 Minor enhancements
1.0.34 Minor enhancements


To use the SonarQube plugin, the plugin must be loaded and an instance created before you can configure the plugin integration. You define configuration properties in the user interface or in a JSON file. To invoke the plugin, you must send an HTTP Post to request the plugin endpoint.

Integration Type

The SonarQube plugin supports endpoint integration which are listed in the following table.

Name Path Method
SonarQube Callback https://accelerate_hostname/reporting-consumer/pluginEndpoint/integration_id/sonarqube/callback Post


There are two methods to integrate the plugin:

  • Using the user interface
  • Using a JSON file

Using the user interface

  1. From the Plugins page, click Settings > Integrations > Plugins.
  2. Under the Action column for the plugin, click Add Integration.
  3. On the Add Integration page enter values for the fields used to configure the integration and define communication.
  4. Click Save.

Using a JSON file

The JSON file contains the information for creating a value stream and integrating with the IBM Engineering WorkFlow Management (EWM) server. The following table describes the information for the creating a HCL Accelerate value stream map.

  1. Download the value stream map. The value stream map is a JSON file used to define integrations.
  2. Edit the JSON file to include the plugin configuration properties.
  3. Save and upload the JSON file. This replaces the current JSON file with the new content.
  4. View the new integration on the Integrations page.

Creating the SonarQube Webhook

The SonarQube webhook must target the HCL Accelerate integration’s endpoint URL which has two variables:

  • the hostName:port for HCL Accelerate, as well as the integration ID. This means that the HCL Accelerate integration
    must always be setup first and that the integration ID is known before we can provide the webhook URL. Once the
    endpoint URL is constructed, it is simply a matter of creating a webhook in SonarQube with that URL. For
    information on creating the webhook, see the SonarQube Webhooks documentation. In general, you will need administrative
    permissions and can add two types of webhooks within SonarQube:

    1. Project scoped webhooks
    2. Globally scoped webhooks

    What you have available will depend on your version of SonarQube but it is good to be aware that a global webhook
    will send data for all projects, while a project scoped webhook will only send data for the specific project to
    which it belongs. Also, in general, SonarQube limits its number of webhooks at both the project and global levels.
    Refer to your SonarQube documentation for details of webhook management.

Configuration Properties

The following tables describe the properties used to configure the integration. Each table contains the field name when using the user interface and the property name when using a JSON file.

  • The General Configuration Properties table describes configuration properties used by all plugin integrations.
  • The SonarQube Configuration Properties table describes the configuration properties that define the connection and communications with the SonarQube server. When using the JSON method to integrate the plugin these properties are coded within the properties configuration property.

Not all configuration properties are initially displayed in the user interface, to see all properties enable the Hidden field.

General Configuration properties
Name Description Required Property Name
NA The version of the plugin that you want to use. To view available versions, click the Version History tab. If a value is not specified, the version named latest is used. No image
Integration Name An assigned name to the value stream. Yes name
Logging Level The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace. No loggingLevel
NA List of plugin configuration properties used to connect and communicate with the SonarQube server. Enclose the properties within braces. Yes properties
The name of the tenant. Yes tenant_id
NA Unique identifier assigned to the plugin. The value for the SonarQube plugin is ucv-ext-sonarqube. Yes type
SonarQube Configuration Properties
Name Type Description Required
HCL Accelerate Hostname String The HCL Accelerate hostname including the port if applicable. For example: AccelerateHost:9000. API only
HCL Accelerate Access Key Secure The access key used to authenticate to HCL Accelerate. You can use a previously generated key or generate a new key. Yes
Integration Name String A name used to reference the integration. Yes
SonarQube Auth Token Secure The SonarQube authentication token. You can use a previously generated token or generate a new token in SonarQube. Yes
SonarQube URL String The base URL of the SonarQube server including the port number. For example: https://sonarQubeHost:9000. Yes