SonarCloud | Appendices | Frequently asked questions

Frequently asked questions

Does SonarCloud require single sign on - SSO?

SonarCloud does not require single sign-on (SSO), as authentication is performed on the DevOps platform side.

Which identity providers does SonarCloud support?

The following code repository platforms are supported as identity providers:

    • GitHub
    • Bitbucket Cloud
    • Azure DevOps Services
    • GitLab

You must have an account on one of these code repository platforms to log in to SonarCloud.

How do I get rid of issues that are false-positives?

False Positive and Accept

  • You can mark individual issues as false positive or accepted through the issues interface. If you're using short-lived branch and pull request analysis, issues marked as false positive or accepted will retain that status after merge. This is the preferred approach.

Help us improve our detection of security issues

When you mark a vulnerability as false positive or accepted, explain why in the comment box. This feedback and the vulnerability context (current file content, issue and rule details) are reviewed by our teams to make SonarCloud better.

//NOSONAR

  • Most language analyzers support the use of the generic mechanism: //NOSONAR at the end of the line of the issue. This will suppress all issues - now and in the future - that might be raised on the line.

How do I find and remove projects that haven't been analyzed in a while?

  • In your organization: Administration > Projects Management you can search for Last analysis before to filter projects not analyzed since a specific date, and then use bulk Delete to remove the projects that match your filter.
  • This can be automated using the corresponding Web API: api/projects/bulk_delete?organization=ORG-KEY&analyzedBefore=YYYY-MM-DD.

What are the browsers supported by SonarCloud?

  • SonarCloud supports the following browsers:
    • the last 3 Chrome versions
    • the last 3 Firefox versions
    • the last 3 Safari versions
    • the last 3 Edge versions

What Java versions are supported by SonarCloud?

Java Version of Scanner Environment

  • If you are performing analysis in your local build environment through an installed scanner tool, then the Java runtime environment of the scanner (that is, the Java installed on your build machine) should be at least Java 17. 
  • Similarly, if you are analyzing in a CI service, you should configure the Java environment to at least Java 17.
  • If you are exclusively using automatic analysis, that is, where the SonarCloud service itself does the analysis, you do not have to do anything.

Java Version of Targeted Code

  • Pre-Java-17 code (for example, Java 11 code) will continue to be analyzable. The version bump applies only to the environment within which the scanner is running, not the code that is being analyzed. See the Scanner environment page for more details.

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License