{"id":24586764,"url":"https://github.com/racoolstudio/sonarqube-bot","last_synced_at":"2026-05-20T19:10:40.575Z","repository":{"id":271604756,"uuid":"913503673","full_name":"racoolstudio/sonarQube-Bot","owner":"racoolstudio","description":"SonarQube-Bot is a tool that integrates SonarQube with GitHub to automatically create comments on pull requests based on the analysis results. When a new commit is pushed to a pull request, the bot reviews the issues reported by SonarQube and creates a comment highlighting the new issues identified in that commit.","archived":false,"fork":false,"pushed_at":"2025-01-23T15:35:39.000Z","size":1096,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-23T16:32:04.364Z","etag":null,"topics":["bot","github-bot","jenkins","sonarqube"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/racoolstudio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-07T20:12:13.000Z","updated_at":"2025-01-23T15:37:18.000Z","dependencies_parsed_at":"2025-01-08T19:34:07.896Z","dependency_job_id":"ccf5e5fd-3a1d-46ed-aaea-a0833f940799","html_url":"https://github.com/racoolstudio/sonarQube-Bot","commit_stats":null,"previous_names":["racoolstudio/sonarqube-bot"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/racoolstudio%2FsonarQube-Bot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/racoolstudio%2FsonarQube-Bot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/racoolstudio%2FsonarQube-Bot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/racoolstudio%2FsonarQube-Bot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/racoolstudio","download_url":"https://codeload.github.com/racoolstudio/sonarQube-Bot/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244094276,"owners_count":20397020,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot","github-bot","jenkins","sonarqube"],"created_at":"2025-01-24T06:14:20.336Z","updated_at":"2026-05-20T19:10:40.529Z","avatar_url":"https://github.com/racoolstudio.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SonarQube-Bot\n\n**SonarQube-Bot** is a tool that integrates SonarQube with GitHub to automatically create comments on pull requests based on the analysis results. When a new commit is pushed to a pull request, the bot reviews the issues reported by SonarQube and creates a comment highlighting the new issues identified in that commit.\n\n## Features\n- **Automatic Issue Reporting**: SonarQube-Bot automatically fetches issues from SonarQube related to the current commit and creates comments on GitHub pull requests.\n- **Integration with Jenkins**: Works with Jenkins for continuous integration.\n- **Uses GitHub and SonarQube Tokens**: The bot uses tokens from GitHub and SonarQube for authentication and authorization.\n\n## Prerequisites\n\n1. **SonarQube Instance**:\n   - A running SonarQube server where your project is analyzed.\n   - SonarQube token to authenticate API requests.\n\n2. **GitHub Repository**:\n   - A GitHub repository where you want to enable the SonarQube-Bot.\n   - GitHub token to authenticate API requests.\n\n3. **Jenkins**:\n   - Jenkins setup for code analysis and CI/CD pipeline that triggers SonarQube analysis.\n\n4. **Webhook Configuration**:\n   - You need to set up a webhook on GitHub to send data to the bot whenever a commit is pushed to a pull request.\n\n---\n\n## Setup Instructions\n\n### Step 1: Configure the Webhook in GitHub\n1. Go to your GitHub repository's settings.\n2. Navigate to **Webhooks** and click **Add webhook**.\n3. Set the **Payload URL** to the URL where your SonarQube-Bot is hosted (e.g., `https://yourdomain.com/api/webhook`).\n4. Set the **Content type** to `application/json`.\n5. Select the events that will trigger the webhook. Choose **check_suite**, **check**, **status** and **Push** events to capture commit details.\n6. Ensure the webhook sends the `check_suite` and `status` events. This ensures that the bot can track the build status.\n\n### Step 2: Configure SonarQube and GitHub Tokens\n1. **SonarQube Token**: In your SonarQube instance, generate a personal access token by going to **My Account** \u003e **Security** and clicking on **Generate Tokens**. Copy this token.\n2. **GitHub Token**: Generate a GitHub personal access token with the necessary permissions (e.g., `repo`, `pull_requests`). Go to your GitHub account settings \u003e **Developer settings** \u003e **Personal access tokens** and create a new token. Copy this token.\n\n### Step 3: Set Configuration in the Application\nIn the configuration file (e.g., `appsettings.json` or environment variables), set the following values:\n\n```json\n{\n  \"SonarQube\": {\n    \"Token\": \"YOUR_SONARQUBE_TOKEN\",\n    \"Server\": \"https://your-sonarqube-server.com\"\n  },\n  \"GitHub\": {\n    \"Token\": \"YOUR_GITHUB_TOKEN\",\n    \"Server\": \"your github username like racoolstudio\"\n  }\n}\n```\n## Step 4: Deploy SonarQube-Bot\n\nDeploy the bot to your preferred hosting platform. You can use platforms such as **Azure**, **AWS**, or your own server.\n\n---\n\n## How It Works\n\n1. **SonarQube Analysis**: Jenkins triggers a SonarQube analysis for your code.\n2. **Webhook Notification**: Once the analysis is complete, a webhook payload is sent to the bot's endpoint.\n3. **Bot Fetches Pull Request Details**: The bot fetches details about the pull request, such as the PR number and the associated repository.\n4. **Fetching Issues**: The bot then checks SonarQube for issues related to the current commit.\n5. **Create GitHub Comment**: Based on the analysis results, the bot creates a comment on the pull request with a summary of the new issues identified.\n\n---\n\n## Key Actions\n\n### 1. **Check Check Suite Status on GitHub**\n\n- Once the webhook is triggered, navigate to the **Checks** section of your pull request on GitHub.\n- Ensure the **SonarQube-Bot** status check appears. This shows whether the SonarQube analysis has passed or failed.\n\n### 2. **SonarQube Issues in PR**\n\n- The bot will generate comments in the pull request for each new issue discovered in the commit.\n- Issues are categorized and linked directly to SonarQube so that developers can easily click on them to get more details.\n\n### 3. **Click on Check Suite and Status**\n\n- Click on the **Check Suite** to get detailed information about the SonarQube analysis.\n- Review the issues that are highlighted for the commit and address them accordingly.\n\n---\n\n## Example Response\n\nWhen a new issue is found, the bot will create a comment like the following:\n\n```bash\nYour commit has 3 new issue(s)!\n1. Issue 1: [Click Here](https://your-sonarqube-server.com/code?id=your_project_key\u0026selected=your_issue_key)\n2. Issue 2: [Click Here](https://your-sonarqube-server.com/code?id=your_project_key\u0026selected=your_issue_key)\n3. Issue 3: [Click Here](https://your-sonarqube-server.com/code?id=your_project_key\u0026selected=your_issue_key)\n```\n\n---\n\n## Troubleshooting\n\n### 1. **Webhooks Not Triggering**: \n   - Ensure that the webhook is properly configured and that the correct events (e.g., `check`, `push`, `status`) are selected.\n\n### 2. **SonarQube Issues Not Showing**: \n   - Make sure that SonarQube analysis is correctly set up and that the token used in the bot has the correct permissions to access the SonarQube API.\n\n### 3. **GitHub Permissions**: \n   - Ensure the GitHub token has the necessary permissions to post comments on pull requests.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fracoolstudio%2Fsonarqube-bot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fracoolstudio%2Fsonarqube-bot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fracoolstudio%2Fsonarqube-bot/lists"}