---
title: SonarQube Cloud API Integration on Truto
slug: sonarqubecloud
category: Default
canonical: "https://truto.one/integrations/detail/sonarqubecloud/"
---

# SonarQube Cloud API Integration on Truto



**Category:** Default  
**Status:** Generally available

## Unified APIs

### Unified User Directory API

- **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams.
- **Me** — 
- **Organizations** — Organizations are the top level entity in the source application. Users are associated with an organization.
- **Users** — The User object represents a User.

## MCP-ready AI tools

Truto exposes 4 tools for SonarQube Cloud that AI agents can call directly.

- **list_all_sonarqubecloud_users** — Use this endpoint to retrieve users from your SonarQube Cloud account.
- **list_all_sonarqubecloud_groups** — Use this endpoint to retrieve groups from an organization in your SonarQube Cloud account. Use the `organization` query parameter to specify the organization for which you want to retrieve groups.
- **list_all_sonarqubecloud_notifications** — Use this endpoint to list all notifications associated with the authenticated user. The response includes major details such as the organizations the notifications belong to and the channels through which these notifications are delivered.
- **list_all_sonarqubecloud_me** — Use this endpoint to retrieve the currently authenticated user information for your SonarQube Cloud account.

## How it works

1. **Link your customer's SonarQube Cloud account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app.
2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request.
3. **Call Truto's API to reach SonarQube Cloud.** The Proxy API is a 1-to-1 mapping of the SonarQube Cloud API.
4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field.

## Use cases

- **Automate User Access Reviews for Compliance** — Compliance platforms can routinely pull SonarQube Cloud users and groups via Truto's Unified User Directory API, then cross-reference against an HRIS or identity provider to flag orphaned accounts — a key requirement for SOC 2 and ISO 27001 audits.
- **Resolve Developer Identities Across the Toolchain** — Engineering analytics platforms need to map SonarQube Cloud identities to GitHub committers, Jira assignees, and HRIS records. Truto's unified users and groups endpoints let them build a single identity graph without handling SonarQube's auth or pagination directly.
- **Route Security Findings to the Right Team** — Application security tools can ingest SonarQube Cloud group ownership data to automatically assign vulnerability remediation tasks to the correct engineering squad, eliminating manual triage and reducing mean time to resolution.
- **Build a Personalized Developer Dashboard** — Internal developer portals can use the authenticated user's context and notifications to surface a consolidated action-items feed — showing failing quality gates and new security hotspots alongside alerts from other tools, without forcing developers to context-switch into SonarQube.
- **Centralize Notification Management Across Dev Tools** — SaaS products that aggregate developer alerts can pull SonarQube Cloud notifications through Truto to deduplicate and prioritize quality gate failures alongside CI/CD, monitoring, and issue tracker signals in a single pane of glass.

## What you can build

- **Orphaned Account Detection** — Continuously sync SonarQube Cloud users against your customer's HR directory and automatically flag or deactivate accounts belonging to offboarded employees.
- **Cross-Platform Identity Resolution** — Match SonarQube Cloud user records to identities in GitHub, Jira, and Active Directory to build a unified developer profile for analytics or access governance.
- **Group-Based Vulnerability Routing** — Map SonarQube Cloud groups to engineering squads so that when a critical finding surfaces, your product can automatically open a ticket assigned to the owning team's lead.
- **Connection Health & Permission Check Widget** — Use the `me` endpoint during onboarding to verify that the connecting user has the right permissions before your product attempts to pull sensitive project or organization data.
- **Personalized Quality Gate Action Feed** — Fetch the authenticated developer's SonarQube Cloud notifications and render a prioritized list of failing quality gates and new security hotspots inside your product's dashboard.
- **Organization-Wide User & Group Directory Sync** — Periodically pull the full roster of SonarQube Cloud users and groups into your platform to power role-based access controls, audit logs, or team-level reporting.

## FAQs

### What authentication method does the SonarQube Cloud integration use?

SonarQube Cloud uses user-generated API tokens for authentication. End users create a token in their SonarQube Cloud account settings and provide it when connecting through Truto. Truto securely stores and manages the token for subsequent API calls.

### Which Unified API does this integration support?

The SonarQube Cloud integration maps to Truto's Unified User Directory API, which provides standardized resources for Users, Groups, Organizations, and Me. This means you can query SonarQube Cloud user and group data using the same schema you'd use for any other directory provider Truto supports.

### What specific operations are available through Truto for SonarQube Cloud?

The integration currently supports four read operations: `list_all_sonarqubecloud_users`, `list_all_sonarqubecloud_groups`, `list_all_sonarqubecloud_notifications`, and `list_all_sonarqubecloud_me`. These cover user roster syncing, group enumeration, notification retrieval, and authenticated user validation.

### Does Truto handle pagination for SonarQube Cloud API responses?

Yes. Truto automatically manages pagination across all SonarQube Cloud list endpoints, so your application receives complete result sets without needing to implement page-token logic or worry about SonarQube's specific pagination parameters.

### Can I write data back to SonarQube Cloud through this integration?

The current integration supports read operations only — listing users, groups, notifications, and the authenticated user's profile. Write operations such as creating groups or modifying user permissions are not available through the existing tools.

### How fresh is the data returned by the SonarQube Cloud integration?

Each API call through Truto fetches data directly from SonarQube Cloud's live API in real time. There is no caching layer, so the data reflects the current state of the customer's SonarQube Cloud organization at the time of the request.
