SonarCloud

Overview

This document provides a detailed guide to integrating SonarCloud with Callgoose SQIBS for real-time Incident Management, Code Quality Monitoring, and other automation purposes. The integration enables automatic creation, updating, and resolution of incidents in Callgoose SQIBS based on code quality alerts triggered in SonarCloud. The guide includes steps for setting up alerts in SonarCloud, configuring webhook notifications, creating API filters in Callgoose SQIBS, and troubleshooting.

Prerequisites

• SonarCloud Account: Access to SonarCloud for managing code quality and setting up webhooks.
• Callgoose SQIBS Account: With valid privileges to set up API filters and receive notifications.
• Webhook/API Endpoint: Available in Callgoose SQIBS to receive alerts from SonarCloud.

1. Obtain API Token and Endpoint Details

To integrate with Callgoose SQIBS, you first need to obtain an API token and find the API endpoint details.

1. Generate an API Token:

• Follow the guide on How to Create API Token in Callgoose SQIBS.

1. Find the API Endpoint:

• Refer to the Callgoose SQIBS API Endpoint Documentation to get the endpoint details where the JSON payloads from SonarCloud will be sent.

2. Debugging and Troubleshooting

You can enable debugging in the API tokens used with SonarCloud notifications for troubleshooting purposes.

• Enable Debugging:
• Update the debug value when adding or updating an API token.
• When API tracking is enabled, logs are stored in the API log section for your review. The debugging option will automatically disable after 48 hours.
• When API tracking is turned off, no logs are saved in the API log.
• Using API Log for Troubleshooting:
• The API log provides detailed information on all API calls made to Callgoose SQIBS.
• Check the JSON values in each API log entry for troubleshooting purposes.
• Use the information in the API log to create or refine API filters to ensure incidents are created correctly based on the API payloads received.
• Callgoose SQIBS creates incidents according to your API filter configuration, giving you full control over how alerts from different services trigger incidents and alerts for your support team or automation processes.

3. Configuring SonarCloud to Send JSON Payloads

3.1 Setting Up Alerts in SonarCloud

To generate the required JSON payloads, you first need to set up alerts within SonarCloud.

1. Log in to the SonarCloud Console:

• Access the SonarCloud platform using your account credentials.

1. Navigate to the Webhooks Section:

• Go to the Project Settings > Webhooks in your SonarCloud project.

1. Create a New Webhook:

• Click on "Create Webhook" to add a new webhook.
• Specify Webhook URL: Enter the webhook URL provided by Callgoose SQIBS.

3.2 Configuring the Webhook Notification

To ensure that the JSON payload sent matches the examples provided, follow these steps when configuring the webhook:

1. Add Webhook URL:

• In the Webhook URL field, enter the endpoint provided by Callgoose SQIBS.
• Ensure the protocol is HTTPS for secure data transmission.

1. Customize Payload Format:

• Ensure that the payload includes key fields like "status", "severity", "message", "project", "branch", and others as shown in the example payloads.
• Example Payload Setup:

json

{
  "status": "OPEN",
  "severity": "CRITICAL",
  "message": "Security hotspot detected",
  "project": "example-project",
  "branch": "main",
  "timestamp": "2024-08-05T12:00:00.000Z"
}

1. Test the Webhook Configuration:

• Before activating the webhook, perform a test to ensure that the JSON payload is correctly formatted and is being sent to the Callgoose SQIBS API endpoint as expected.
• Review the payload in Callgoose SQIBS to confirm that it matches the expected structure.

3.3 Finalizing and Testing

1. Save and Activate the Webhook:

• Once the webhook is correctly configured, save the webhook configuration and activate it.

1. Validate the Integration:

• Trigger a code quality issue manually if possible to verify that the correct JSON payload is sent to Callgoose SQIBS.
• Resolve the issue to ensure the resolved state payload is also correctly sent and processed.

4. Configuring Callgoose SQIBS

4.1 Create API Filters in Callgoose SQIBS

To correctly map incidents from the SonarCloud alerts, you need to create API filters based on the JSON payloads received.

4.1.1 Example JSON Payloads from SonarCloud

Alert Triggered (status: "OPEN")

json

{
  "status": "OPEN",
  "severity": "CRITICAL",
  "message": "Security hotspot detected",
  "project": "example-project",
  "branch": "main",
  "timestamp": "2024-08-05T12:00:00.000Z"
}

Alert Resolved (status: "CLOSED")

json

{
  "status": "CLOSED",
  "severity": "CRITICAL",
  "message": "Security hotspot resolved",
  "project": "example-project",
  "branch": "main",
  "timestamp": "2024-08-05T12:30:00.000Z"
}

4.2 Configuring API Filters

4.2.1 Integration Templates

If you see a SonarCloud integration template in the "Select Integration Template" dropdown in the API filter settings, you can use it to automatically add the necessary Trigger and Resolve filters along with other values. The values added by the template can be modified to customize the integration according to your requirements.

4.2.2 Manually Add/Edit the Filter

• Trigger Filter (For Creating Incidents):
• Payload JSON Key: "status"
• Key Value Contains: [OPEN]
• Map Incident With: "project"
• This corresponds to the unique project from the SonarCloud payload.
• Incident Title From: "message"
• This will use the alert message as the incident title in Callgoose SQIBS.
• Incident Description From: Leave this empty unless you want to use a specific key-value from the JSON payload. If a key is entered, only the value for that key will be used as the Incident Description instead of the full JSON. By default, the Incident Description will include the full JSON values.
• Resolve Filter (For Resolving Incidents):
• Payload JSON Key: "status"
• Key Value Contains: [CLOSED]
• Incident Mapped With: "project"
• This ensures the incident tied to the specific project is resolved when the alert status returns to normal.

Refer to the API Filter Instructions and FAQ for more details.

5. Testing and Validation

5.1 Triggering Alerts

1. Simulate a Code Quality Issue:

• Trigger a condition in SonarCloud that causes an alert (e.g., a new critical code quality issue in the main branch).
• Verify that an incident is created in Callgoose SQIBS with the correct information.

5.2 Resolving Alerts

1. Acknowledge and Resolve the Alert:

• Once the issue is resolved in SonarCloud (e.g., the code quality issue is fixed and the branch is rescanned), verify that the incident in Callgoose SQIBS is automatically marked as resolved.

6. Security Considerations

• API Security: Ensure that the Callgoose SQIBS API endpoint is correctly configured and that the API token is securely stored and used.
• SonarCloud Permissions: Confirm that the webhook in SonarCloud has appropriate permissions to send alerts and data to Callgoose SQIBS.
• Data Encryption: Ensure that the transmission of data between SonarCloud and Callgoose SQIBS is encrypted, especially if sensitive information is involved.

7. Troubleshooting

• No Incident Created: If no incident is created, verify that the webhook URL in SonarCloud is correct and that the JSON payload structure matches the API filters configured in Callgoose SQIBS.
• Incident Not Resolved: Ensure that the resolve filter in Callgoose SQIBS is correctly configured and that the JSON payload sent by SonarCloud matches the expected structure.

8. Conclusion

This guide provides a comprehensive overview of how to integrate SonarCloud with Callgoose SQIBS for effective incident management. By following the steps outlined, you can ensure that code quality alerts from SonarCloud are automatically reflected as incidents in Callgoose SQIBS, with proper resolution tracking when the issues are resolved.

For further customization or advanced use cases, refer to the official documentation for both SonarCloud and Callgoose SQIBS:

• SonarCloud Documentation
• Callgoose SQIBS API Token Documentation
• Callgoose SQIBS API Endpoint Documentation
• API Filter Instructions and FAQ
• How to Send API

This documentation will guide you through the integration process, ensuring that your incidents are managed effectively within Callgoose SQIBS based on real-time alerts from SonarCloud.