# Sonarqube

SonarQube is a self-managed static analysis (SAST) and code-quality platform. It scans source repositories, reports bugs, vulnerabilities, security hotspots and code smells, and evaluates each analysis against a configurable quality gate.

### Usage of Sonarqube in Delivery Shield

* Delivery Shield can mandate Sonarqube scans on code repositories. It queries Sonarqube to check whether the required repository has been scanned and, if no scan is found, raises a security issue.
* Once the Sonarqube scan has completed, Delivery Shield pulls the SAST findings from Sonarqube and uses them to calculate the overall image and application risk score.
* The scanned results are available in the [Vulnerability Management](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/vulnerability-management) page, **Source** section of the [DBOM](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/delivery-bill-of-materials-dbom) page, and the [View Open Security Issues](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/view-security-posture/view-open-security-issues) page.
* Users can also create custom policies based on the SAST scan results. For example, a policy can block images built from a repository whose Sonarqube quality gate was failing at the time the image was built.

### To Integrate Sonarqube:

1. Navigate to **Setup** > **Integrations**.
2. In the **Source** panel, click **Sonarqube**.

<figure><img src="https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2FiJFHe4UuMlZaJ4AQRicT%2Fsonarqube%201.png?alt=media&#x26;token=3c3a7882-3acf-4a6f-a820-bc7e92915097" alt=""><figcaption></figcaption></figure>

3. The Sonarqube integration page is displayed. Click **+New Account**.

<figure><img src="https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2FocztCbMAopEkkIqQjxsh%2Fimage.png?alt=media&#x26;token=e4120edc-81b4-4fe6-89bb-ee0bd113043c" alt=""><figcaption></figcaption></figure>

4. In the popup that appears, enter the **Account Name**, **URL** and **Token** values of your Sonarqube account. (See [Token](https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/) for details on how to generate an API token.) The token only needs read access to the projects Delivery Shield will query; do not use a token from an administrator account.
5. Enable **Sonarqube File Insertion** if required.
6. Select the **Teams** and the corresponding **Environments** from the dropdown for which you want the integration to be available. The integration will be available only to the selected teams and environments.

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>You can select up to 5 teams for the integration to be displayed. </p></div>

   * An example is given below for reference:

   <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeuMZQzZsZQuulVdW9B9OuffNPoEXqbcpcAkYtKVyb7YiTQxbVIt1L4Gh-zshqX2J9MFKIat8x4oWFIGxdg3j1XVagyUNhUAlD_52soyMyd1cy53p6XiYi0LsTjIBfHcybRWl61?key=D9EXoOdGF7oYOBvYaW2GnRWJ" alt=""><figcaption></figcaption></figure>

   * In the example above,
     * if **Team 1**, **Team 2**, and **Team 3** are selected, only applications associated with these teams can use the integration. Applications belonging to other teams, such as **Team 4**, will not have access to this account.
     * Even if the user who created this account is also an admin for **Team 4**, the integration account remains restricted and is not available to **Team 4**.
     * Access to the account is strictly limited to the **Teams** and **Environments** selected during account creation.
   * **For Organization Admins:**
     * When an **Organization Admin** creates an account without selecting specific **Teams** and **Environments**, the account will be universally applicable, granting access to **all teams** and **all environments** by default.
   * **For Team Admins with Multiple Teams:**
     * If a **Team Admin** who manages multiple teams creates an account without specifying particular **Teams** and **Environments**, the account will only be accessible to the teams for which the logged-in user holds admin privileges.
7. Click **Save**. The tool is integrated in the source stage.
8. To change the stored values later, click the **Edit** option for the account.
9. Enter the new URL and token value and click **Update**. The new values are saved.
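Before pasting a URL and token into the account popup, it is worth confirming from the command line that the pair works and that the token can actually see the repository's project, because a token that is rejected or lacks the Browse permission looks to an integration exactly like a repository that was never scanned. The script below is an added example, not OpsMX or SonarQube code. It calls three documented SonarQube web-API endpoints (`api/authentication/validate`, `api/project_analyses/search`, `api/qualitygates/project_status`) and reduces their responses to the two facts this page describes Delivery Shield acting on: whether the repository has been scanned at all (the security-issue check above) and whether the quality gate was failing at a specific analysis (the "failed at the time of build" policy example). The `demo-service` project key, the `offline_get` stub and its sample responses are constructed for the example so it runs without a server; set `SONAR_URL`, `SONAR_TOKEN` and `SONAR_PROJECT` to run it against a real instance.

```python
"""Validate a SonarQube URL/token pair and read one project's scan state.
Added example for this page; not OpsMX Delivery Shield or SonarQube code."""
import base64
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request


def auth_header(token: str) -> str:
    # SonarQube accepts a user or project token as the HTTP basic-auth
    # username with an empty password.
    return "Basic " + base64.b64encode(f"{token}:".encode()).decode()


def api_get(base_url: str, token: str, path: str, params: dict) -> dict:
    """GET <base_url>/api/<path>?<params> and return the decoded JSON body.
    401/403 are raised as PermissionError so a bad token is never mistaken
    for 'project not scanned'; a 404 (unknown project key) returns {}."""
    url = f"{base_url.rstrip('/')}/api/{path}?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"Authorization": auth_header(token)})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            raise PermissionError(
                f"HTTP {err.code} from {path}: token invalid or lacks Browse permission"
            ) from err
        if err.code == 404:
            return {}
        raise


def summarize(validate: dict, analyses: dict, gate: dict) -> dict:
    """Reduce the three API responses to the facts an integration acts on."""
    if not validate.get("valid"):
        return {"token_valid": False, "scanned": False, "quality_gate": None, "failed_conditions": []}
    runs = analyses.get("analyses", [])
    if not runs:
        # No analysis on record: this is the case where Delivery Shield raises a security issue.
        return {"token_valid": True, "scanned": False, "quality_gate": None, "failed_conditions": []}
    status = gate.get("projectStatus", {})
    failed = [
        f"{c['metricKey']} {c.get('comparator', '')} {c.get('errorThreshold', '')} (actual {c.get('actualValue', '?')})"
        for c in status.get("conditions", [])
        if c.get("status") == "ERROR"
    ]
    return {
        "token_valid": True,
        "scanned": True,
        "last_analysis": runs[0]["date"],
        "quality_gate": status.get("status"),  # OK, ERROR or NONE
        "failed_conditions": failed,
    }


def check_project(base_url: str, token: str, project_key: str, get=api_get) -> dict:
    validate = get(base_url, token, "authentication/validate", {})
    # ps=1 returns only the most recent analysis (the API sorts newest first).
    analyses = get(base_url, token, "project_analyses/search", {"project": project_key, "ps": 1})
    runs = analyses.get("analyses", [])
    gate = {}
    if runs:
        # Ask for the gate status *at that analysis id*, not the project's
        # current state: that is what a "failed at build time" policy needs.
        gate = get(base_url, token, "qualitygates/project_status",
                   {"projectKey": project_key, "analysisId": runs[0]["key"]})
    return summarize(validate, analyses, gate)


# Constructed sample responses (shapes follow the SonarQube web-API docs).
SAMPLE_VALIDATE = {"valid": True}
SAMPLE_ANALYSES = {"analyses": [{"key": "AYx1example", "date": "2024-05-02T10:14:33+0000", "events": []}]}
SAMPLE_GATE_FAILED = {"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "ERROR", "metricKey": "new_security_hotspots_reviewed",
     "comparator": "LT", "errorThreshold": "100", "actualValue": "50.0"},
    {"status": "OK", "metricKey": "new_coverage",
     "comparator": "LT", "errorThreshold": "80", "actualValue": "91.2"},
]}}


def offline_get(base_url: str, token: str, path: str, params: dict) -> dict:
    """Stand-in for api_get so the example runs without a SonarQube server."""
    return {"authentication/validate": SAMPLE_VALIDATE,
            "project_analyses/search": SAMPLE_ANALYSES,
            "qualitygates/project_status": SAMPLE_GATE_FAILED}[path]


if __name__ == "__main__":
    url = os.environ.get("SONAR_URL", "https://sonar.example.internal")
    token = os.environ.get("SONAR_TOKEN", "constructed-token")
    project = os.environ.get("SONAR_PROJECT", "demo-service")
    getter = api_get if "SONAR_URL" in os.environ else offline_get
    result = check_project(url, token, project, get=getter)
    print(json.dumps(result, indent=2))
    # Non-zero exit when the gate failed mirrors a "block the image" policy outcome.
    sys.exit(1 if result["quality_gate"] == "ERROR" else 0)
```

Run it once with the real environment variables before saving the account: a `PermissionError` means the token or its project permissions need fixing, `scanned: false` means Delivery Shield will raise an issue for that repository, and a non-empty `failed_conditions` list is the data a quality-gate policy would block on.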

