> For the complete documentation index, see [llms.txt](https://docs.sonarsource.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sonarsource.com/sonarqube-cloud/getting-started/github.md). # Getting started with GitHub ## Step 1: Sign up 1. Go to [SonarQube Cloud product page](https://www.sonarsource.com/products/sonarqube/cloud/) and select **Start now**. The Get started page opens.\ If you want to use the [US region](/sonarqube-cloud/getting-started/getting-started-in-us-region.md), go to [sonarqube.us](http://sonarqube.us/) instead.
Select your DevOps platform.
2. Select **GitHub** from the list of DevOps platforms. You will be taken to the GitHub login page. 3. Sign in using your GitHub credentials.\ For prerequisites on your DevOps account’s email address, see [Signing in to SonarQube Cloud](/sonarqube-cloud/managing-your-account/signing-in.md#via-devops-platform). Your SonarQube Cloud account is created and bound to your GitHub account. For more information, see [Authentication](https://www.sonarsource.com/trust-center/#authentication) in the Trust Center. Once you have successfully logged in, you will be prompted to connect your GitHub organization with SonarQube Cloud and create your SonarQube Cloud organization. ## Step 2: Create your organization We use an [organization-based structure](/sonarqube-cloud/administering-sonarcloud/about-sonarqube-cloud-solution/resources-structure/organization.md) that mirrors the structure on your chosen DevOps platforms: each SonarQube Cloud organization corresponds one-to-one with a GitHub organization or personal account. A subscription plan is associated one-to-one with a SonarQube Cloud organization. See [Subscription plans](/sonarqube-cloud/administering-sonarcloud/managing-subscription/subscription-plans.md) for a comparison between the different plans. To create your SonarQube Cloud organization, you’ll import your GitHub organization or personal account to SonarQube Cloud. Proceed as follows. For detailed prerequisites and instructions, see [Importing GitHub organization](/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-github-organization.md). 1. You will be presented with a step-by-step tutorial to install the SonarQube Cloud application on GitHub. This allows SonarQube Cloud to access your GitHub organization or personal account. Once this is done, you’ll be redirected to the subscription page. 2. Select a plan for your organization. For a plan comparison, select **Available plans** in the top right corner. 3. Check the organization details. You can see the organization name and key at the bottom of the page. 4. If you selected the Team plan, follow the instructions. 5. Select **Create organiziation**. {% hint style="info" %} * The organization creator becomes the organization admin. To set up the organization permissions, see [Managing organization permissions](/sonarqube-cloud/administering-sonarcloud/managing-organization/users-and-permissions/organization-permissions.md). * Consider upgrading to [Enterprise](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-subscription/subscription-plans) so you can benefit from many features, in particular SSO and SCIM. See [About SSO and provisioning](/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/about.md). {% endhint %} ## Step 3: Select your projects You can now import the existing projects (that is, individual Git repositories) that you want to analyze from your GitHub organization into your newly created SonarQube Cloud organization. A corresponding, one-to-one SonarQube Cloud project will be created for each imported repository. Proceed as follows (you need the Create Projects permission in your organization): 1. You have two options for importing repositories: * To import all repositories from your GitHub organization, select the **Bulk import all** button (Option **a** in the figure below). For more details, see [Creating your project](/sonarqube-cloud/managing-your-projects/administering-your-projects/setting-up-project.md#bulk-import). * To select specific repositories to import, choose the ones you want (Option **b** in the figure). Note that you can only import up to 25 repositories at a time. 2. Select the **Auto-import new GitHub repositories** option (Option **c** in the figure) if you want that new GitHub repositories be automatically imported as soon as they are created in your GitHub organization, skipping the manual new project analysis flow. For more information, see [Auto-importing new repositories](/sonarqube-cloud/administering-sonarcloud/managing-organization/manage-org-projects/auto-import-new-repos.md).
You must chose between option a and option b to import your repositories to SonarQube Cloud. You can use option c in addition to enable the auto-import of new repos.
3. Select the **Analyze \ projects** button or the **Bulk import all projects** button if you have selected the bulk import option.\ The projects are created. {% hint style="info" %} The project creator becomes the project admin. To set up the project permissions, see [Setting your project's permissions](/sonarqube-cloud/managing-your-projects/administering-your-projects/setting-permissions.md). {% endhint %} If a project qualifies for Automatic analysis, SonarQube Cloud will start the analysis of the project’s main branch automatically, and of the most recent active pull requests. See [Automatic analysis](/sonarqube-cloud/analyzing-source-code/automatic-analysis.md) for more information. If the Automatic analysis is not supported or not used for your project, you’ll need to configure the analysis. For more information, see [#setting-up-a-ci-based-analysis](#setting-up-a-ci-based-analysis "mention"). {% hint style="info" %} With the Enterprise plan, you can disable the Automatic analysis for the entire organization. See [Disabling automatic analysis](/sonarqube-cloud/administering-sonarcloud/managing-organization/setting-config-at-org-level/disabling-automatic-analysis.md). {% endhint %} ## Step 4: Connect with SonarQube for IDE SonarQube for IDE is a free IDE extension that integrates with SonarQube Cloud. Like a spell checker, SonarQube for IDE highlights issues as you type. Install SonarQube for IDE to leverage the power of SonarQube in your IDE. To do so, see [SonarQube for IDE](/sonarqube-cloud/analyzing-source-code/connected-mode.md). ## Step 5: View your analysis results Once your analysis is completed a project Overview page opens, displaying the **Project health dashboard**, a built-in Sonar dashboard available in all plans. Custom dashboards and other built-in dashboard views are available in the [Enterprise](https://www.sonarsource.com/plans-and-pricing/sonarcloud/) plan.
The Project Overview page.
### Review your project’s quality gate The purpose of Quality gates is to tell you whether your code is good enough to be pushed to the next step: * For the main branch and other long-lived branches, the quality gate answers the question: "Can I release my code today?" * For pull requests (and short-lived branches), the quality gate answers the question: "Can I merge this pull request?" By keeping an eye on the quality gates, the decision makers can quickly judge the status of code and decide what to do next. For more information, see [Quality gates](/sonarqube-cloud/standards/quality-gates.md). ### Review your issues An analysis detects an issue as a problem in your code. When a coding rule is broken, an issue is raised. Each issue affects one or more software qualities with a varying impact level, called severity, as inherited from the rule. For more information about rules, see [Viewing and managing rules](/sonarqube-cloud/standards/managing-rules.md). To review your issues, see [Managing code issues](/sonarqube-cloud/managing-your-projects/issues.md). ## Step 6: Adjust your project setup The analysis performed by the SonarScanner is configured through analysis parameters. The following applies: * A few analysis parameters are mandatory. * Many analysis parameters, such as those defining the analysis scope, have a default value and can be adjusted. * Analysis parameters allow you to include the code and test coverage in your analysis, or to import issues generated by a third-party analyzer, etc. SonarQube Server manages the analysis parameters through sonar properties (The sonar property key has the following syntax: `sonar.`.). You can configure the analysis parameters in different places. For more information, see [Configuration overview](/sonarqube-cloud/analyzing-source-code/analysis-parameters/configuration-overview.md). You can: * Adjust your analysis scope, see [Analysis scope](/sonarqube-cloud/managing-your-projects/project-analysis/setting-analysis-scope.md). * Implement test coverage, see [Test coverage](/sonarqube-cloud/analyzing-source-code/test-coverage.md). * Import external analyzer reports, see [External analyzer reports](/sonarqube-cloud/analyzing-source-code/importing-external-issues/external-analyzer-reports.md). * Define a Long-lived branch pattern, see [Long-lived branch pattern](/sonarqube-cloud/managing-your-projects/project-analysis/long-lived-branch-pattern.md). * Change the new code definition applied to your project, see [New code definition](/sonarqube-cloud/managing-your-projects/project-analysis/configuring-new-code-calculation.md). * Change the quality gate assigned to your project, see [Quality gate](/sonarqube-cloud/managing-your-projects/project-analysis/changing-quality-gate.md). * Change the quality profiles assigned to your project, see [Quality profile](/sonarqube-cloud/managing-your-projects/project-analysis/quality-profile-association.md) ## Step 7: Check out security reports and portfolios Managers and tech leads can check out the security reports and portfolios features to begin monitoring the security and releasability of projects. For more information, see [Viewing the enterprise reports](/sonarqube-cloud/getting-started-with-enterprise/viewing-enterprise-reports.md). ## Setting up a CI-based analysis If the Automatic analysis is not supported for your project or you don't want to use it, you’ll need to set up the analysis. The actual analysis is performed in your build environment (for example, on a cloud CI or your local machine). This means you have to configure your build process to perform the analysis on each build and communicate the results up to SonarQube Cloud. We refer to this analysis method as CI-based analysis in contrast with the automatic analysis. To understand the SonarQube analysis principles, see [SonarQube analysis overview](/sonarqube-cloud/discovering-sonarcloud/analysis-process-overview.md). To integrate SonarQube Cloud analysis into your GitHub Actions workflow, see [Github Actions](/sonarqube-cloud/analyzing-source-code/ci-based-analysis/github-actions-for-sonarcloud.md). ### About the SonarQube Cloud analysis The SonarScanner performs the automated source code analysis as part of your code review process. This stand-alone program runs on the CI/CD host and sends the analysis results to SonarQube Server, which computes them, calculates the quality gate, and generates reports. To perform the analysis, the SonarScanner uses the [Sonar analyzers](/sonarqube-cloud/discovering-sonarcloud/overview.md) that it downloads from SonarQube Cloud at installation. The Sonar Solution offers SonarScanners that integrate with the following build systems: Gradle, Maven, .NET, NPM, and Python. For other project types, the SonarScanner CLI which requires more manual configuration is used. For more information about integrated CI tools and SonarScanners, see [CI-based analysis](/sonarqube-cloud/analyzing-source-code/ci-based-analysis.md) ### Setting up the pull request analysis By setting up pull request analysis, you ensure pull requests are analyzed when they are opened and every time a change is pushed to the pull request branch. To do so, you must add the SonarQube Cloud analysis to your CI pipeline. * To learn more about pull request analysis, see [Pull request analysis](/sonarqube-cloud/analyzing-source-code/pull-request-analysis.md). * To integrate SonarQube Cloud analysis into your GitHub Actions workflow, see [Github Actions](/sonarqube-cloud/analyzing-source-code/ci-based-analysis/github-actions-for-sonarcloud.md). ## Related pages * [GitHub](/sonarqube-cloud/discovering-sonarcloud/integration-with-devops-platforms/github.md) (integration solution overview) * [Organization setup overview](/sonarqube-cloud/administering-sonarcloud/managing-organization/setup-overview.md) * [Importing GitHub organization](/sonarqube-cloud/administering-sonarcloud/managing-organization/creating-organization/importing-github-organization.md) * [Project administration overview](/sonarqube-cloud/managing-your-projects/administering-your-projects/introduction.md) * [Creating your project](/sonarqube-cloud/managing-your-projects/administering-your-projects/setting-up-project.md) * [Configuring GitHub project binding](/sonarqube-cloud/managing-your-projects/administering-your-projects/devops-platform-integration/github.md) * [Github Actions](/sonarqube-cloud/analyzing-source-code/ci-based-analysis/github-actions-for-sonarcloud.md) * [Getting started in the US server region](/sonarqube-cloud/getting-started/getting-started-in-us-region.md) ## Related online learning * :desktop: [Initial SonarQube Cloud set up with GitHub](https://www.sonarsource.com/learn/course/sonarqube-cloud/e598e92a-7788-44a2-81c3-399432a52892/initial-sonarqube-cloud-set-up-with-github) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sonarsource.com/sonarqube-cloud/getting-started/github.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.