HackEDU has launched an integration with SonarCloud which allows your organization to automatically use the vulnerabilities found in your application scans to build dynamic training plans for your developers. Follow the steps below to set up your integration:
You must be both a HackEDU and SonarCloud customer.
Generate a SonarCloud API Token
Navigate to your SonarCloud profile and click on the Security tab to generate a SonarCloud token.
You can read SonarCloud's documentation for more information about generating and using tokens.
You will also want to take note of your Organization Key, as you will need to enter it during the integration setup process.
Set up integration in HackEDU admin dashboard
Login to HackEDU with an Admin account, and go to your admin dashboard.
Click Settings > Data Integrations in the left menu
Click Add Integration
4. Select SonarCloud from the list of vendor integrations
5. Chose whether to apply these vulnerabilities to your entire organization or just to specific teams.
Note: You can here to see what data we have access to and what we save by continuing with the integration. You can read about HackEDU's security and data policies here.
6. Enter your SonarCloud Key and API Token, and click Continue. We recommend setting up a token specific for this integration.
7. If you have multiple SonarCloud projects, you will be prompted to select which you would like to apply to the integration.
8. Confirm the details of your integration and click Finish.
9. Your integration will automatically begin to sync, and will re-sync once a day. You can click on the integration to see the data we've synced, and to open the original issue reports within SonarCloud.
Setting up Adaptive Training plans
Now that you have vulnerability data available, you may set up an Adaptive Training plan that customizes your training based on the results of the vulnerability data.