Sonar Plugin

All information related to how to connect Sonar to Quboo

Sonarqube Plugin

Connecting Sonarqube

SonarQube is a popular, widely extended tool to measure code quality.

Our SonarQube plugin extracts some data from your code quality results and send them to Quboo. You can download the plugin from SonarQube’s Marketplace or install it manually. Follow the instructions in the sections below.

Don’t worry about your privacy: the data we send is not including any part of your code (and we prove it by having the plugin’s code as open source on GitHub).

Installation from Marketplace

Navigate to the Marketplace with admin rights in Sonar, search “quboo” and install the plugin. You may need to restart the Sonarqube server after the installation for the changes to apply.

Installation from Marketplace
Installation from Sonar's Marketplace

Manual installation

  1. Download the latest plugin release (it’s a .jar file).
  2. Put the downloaded jar in the /extensions/plugins folder of your SonarQube’s home installation folder, removing any previous version.
  3. Restart your SonarQube Server for the changes to apply.

Connecting to Quboo

After you install the plugin, you need to link it to your Quboo account. To do so, navigate (as a SonarQube administrator) to Administration -> Configuration -> General Settings. Select the Quboo tab and enter your API access and secret keys. In the screenshots below you can see where to fill in these values in SonarQube and where to get them in Quboo.

Quboo Settings in Sonar
Quboo Settings in Sonar

Filtering projects

If you want to include only certain Sonarqube projects for gamification with Quboo, or you want to selectively exclude certain ones, you can do this by passing a list of their names to the inclusion/exclusion lists.

To process only one, or a list of selected projects, fill in their names in the ‘Selected Projects’ setting field, separated by commas. Leave it empty if you don’t want to use an inclusion list or if you want to use an exclusion list instead.

To exclude one or multiple projects, add their names separated by commas to the ‘Excluded Projects’ field. Make sure you don’t use an inclusion list or this setting will be ignored.

Project Inclusion/Exclusion settings
Project Inclusion/Exclusion Settings

SonarQube servers with restricted access

In case your organization has enabled the setting “Force User Authentication” in SonarQube (see the screenshot below), you still need one extra step for the Quboo plugin to work correctly. The reason is that the plugin uses the Sonar’s server API, and with this setting enabled the API requires all requests to be authenticated.

This setting is located under: Administration -> Configuration -> Security.

force authentication
Do you use this setting?

If it’s enabled, you need to fill in a valid API Token in the Quboo Plugin Properties page (the same screen where you entered your Access and Secret keys).

First, you generate a token using your Sonarqube’s account. You can generate the token using a regular account, the token doesn’t need administrator privileges.

Generating a Token Step 1
Generate a Token
Generating a Token Step 2

Once you have the token value, you have to enter it on the Quboo Plugin Configuration page. You need administrator rights to do this, so you may need to log out and log in again with an administrator account (or ask your administrator to do this).

Enter the token
Paste your token into Quboo plugin settings

Pay attention when you paste the token value. Since it’s a password field, you won’t see it in the settings. Now save it. If you want to verify whether the token is being used, check Sonarqube’s ce.log for the message A token will be used to connect to SonarQube server.

When does the data gets transferred?

The players and their score won’t be sent to Quboo immediately after you configure the plugin.

Quboo syncs data after each project analysis. Wait for your automated pipelines or run manually an analysis to export your data.


It might happen that, after your next analysis, you don’t see any players in Quboo yet. Go through these possible reasons to figure out what’s happening:

  1. There is no new code analysis. In Sonarqube, you can’t use the UI to trigger an analysis, so normally you have to wait for your build (CI/CD) tools.
  2. Your Sonarqube server doesn’t have any users. Normally, it’s easy to identify this problem since you get only one player at Quboo: the administrator. This is not a technical problem but just related to how you use the tool. If you want to use Quboo, you need to use user accounts in Sonarqube, otherwise there is no way to distinguish who is contributing to improve your code. You can add users manually, or you can use authentication via other systems.
  3. No Internet connectivity. You need to make sure that the server where your Sonarqube instance is configured and has access to the Internet.
  4. Not resolved host. Our plugin uses the Sonarqube API and its configuration to find where to make the API calls. Sometimes, it may happen that the configured host does not match the one that should be called from the server. Check your setting Server base URL in the Sonar Admin settings.

To figure out what is exactly the problem please you can check Sonarqube’s server logs. You can find the plugin log messages in the ce.log file inside the logs folder in your Sonar installation home folder.

If you still need help, do not hesitate to contat us. Please send the error logs with your support request, otherwise we might not be able to help you.