GitHub

Once your GitHub organization has been imported to SonarQube Cloud, you can create your SonarQube Cloud project by importing your GitHub repository. The created SonarQube Cloud project is bound to its GitHub repository, see Binding with the DevOps platform for more details. To bind an unbound project, see Binding an unbound project to a repository.

Setting up pull request integration

For a bound project, the quality gate status and analysis metrics are reported to your pull requests in GitHub provided:

• Your build script is configured to build on pull request creation and push.

• If you don't use an integrated CI tool, you must set up the pull request parameters manually, see Pull request analysis for more details.

• See Prerequisites for CI-based analysis for more details

Reporting security issues in GitHub (GitHub code scanning alerts)

With the Enterprise plan, the report of the security issues inside the GitHub interface itself as code scanning alerts under the Security tab is supported for bound projects.

This feature is part of the GitHub Advanced Security package and is currently free for public projects. It is available as a paid option for private projects and GitHub Enterprise. This option is entirely on the GitHub side. Sonar does not charge anything extra to enable the code scanning alerts feature.

Related pages

• Analyzing GitHub projects

• Importing GitHub organization

• Creating and setting up your project

• Github Actions

• Setting user permissions

• Changing project binding

• Customizing Information page

• Deleting project

• Issues reported in DevOps platform