Merge pull request #99 from zorianix/patch-1

Update integrations.rst
DefectDojo · Jun 17, 2020 · 919b154 · 919b154
2 parents 7be689f + 0519f7b
commit 919b154
Showing 1 changed file with 22 additions and 2 deletions.
diff --git a/docs/integrations.rst b/docs/integrations.rst
@@ -238,12 +238,32 @@ Snyk
 ----
 Snyk output file (snyk test --json > snyk.json) can be imported in JSON format.
 
-SonarQube
----------
+SonarQube Scan (Aggregates findings per cwe, title, description, file_path.)
+----------------------------------------------------------------------------
+SonarQube output file can be imported in HTML format.
+
+To generate the report, see https://github.com/soprasteria/sonar-report
+
+Version: >= 1.1.0
+
+SonarQube Scan Detailed (Import all findings from SonarQube html report.)
+-------------------------------------------------------------------------
 SonarQube output file can be imported in HTML format.
 
 To generate the report, see https://github.com/soprasteria/sonar-report
 
+Version: >= 1.1.0
+
+SonarQube API Import
+--------------------
+SonarQube API will be accessed to gather the report. No report file required.
+
+Follow below steps to setup API Import:
+
+1. Configure the Sonarqube Authentication details by navigating to Configuration->Tool Configuration. Note the url should be in the formation of http://<sonarqube_hostname>/api. Select the tool type to SonarQube. 
+2. In the Product settings fill the details for the SonarQube Project Key (Key name can be found by navigating to a specific project and selecting the value from the url http://<sonarqube_host>/dashboard?id=<key_name>
+3. Once all of the above setting are made , the API Import should be able to auto import all vulnerability information from the sonarqube instance.
+
 SpotBugs
 --------
 XML report of textui cli.