# Issues reported in GitHub

## Pull request decoration <a href="#pull-request-decoration" id="pull-request-decoration"></a>

SonarQube Cloud provides issue reporting for GitHub pull requests. Besides the pull request analysis summary found in the Checks and Conversation tabs, you will also see issues reported as inline annotations directly within the Files changed tab as illustrated below.

<figure><img src="broken-reference" alt="Issues are reported as inline annotations in the Files changed tab."><figcaption></figcaption></figure>

From an inline annotation, you can:

* View the corresponding issue in SonarQube Cloud: copy-paste in your browser the **See more on** link below the annotation text.
* View the pull request analysis summary in SonarQube Cloud: select the **View details** button.\
  If this button is not available, select the **Try the new experience** link in the top right corner of your pull request page as illustrated below.

<figure><img src="broken-reference" alt="Select the Try the new experience link to enable the View details button in SonarQube&#x27;s inline annotations."><figcaption></figcaption></figure>

{% hint style="info" %}

* As a project admin, you can disable the pull request inline annotations for your project. See [#disabling-the-inline-annotations](https://docs.sonarsource.com/sonarqube-cloud/administering-your-projects/devops-platform-integration/github#disabling-the-inline-annotations "mention").
* Pull request decoration requires that pull request integration be correctly configured for your project. See [#setting-up-pull-request-integration](https://docs.sonarsource.com/sonarqube-cloud/administering-your-projects/devops-platform-integration/github#setting-up-pull-request-integration "mention").
  {% endhint %}

## Using the Remediation agent on your pull requests <a href="#remediation-agent" id="remediation-agent"></a>

{% hint style="success" %}
The SonarQube Remediation Agent is a [Beta](https://docs.sonarsource.com/sonarqube-cloud/appendices/product-release-lifecycle#beta) feature available with the Team (annual) and Enterprise plan accounts. It is free during the beta phase and will be a paid feature when it moves to [General Availability](https://docs.sonarsource.com/sonarqube-cloud/appendices/product-release-lifecycle#general-availability). To learn more about the terms & conditions, please see our legal page about features in [Early Access](https://www.sonarsource.com/legal/early-access/).
{% endhint %}

The SonarQube Remediation Agent runs an independent review and analysis to help you fix reliability and maintainability issues found in your latest code. It focuses on issues in your backlog, discovered in your main branch analysis, and on issues found in your latest GitHub pull request (PR).&#x20;

The agent uses <code class="expression">space.vars.SQC\_Remediation\_agent\_LLM</code> to generate fix suggestions in the background and checks that the new code does not introduce new issues before offering the suggestion.

To enable and install the agent, check out the [sonarqube-remediation-agent](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/ai-features/sonarqube-remediation-agent "mention") page. To understand the agent's behavior and learn how to engage with the agent in your pull request, have a look at the [agent-backlog-fixes](https://docs.sonarsource.com/sonarqube-cloud/managing-your-projects/issues/with-ai-features/agent-backlog-fixes "mention") and [agents-in-your-github-pull-request](https://docs.sonarsource.com/sonarqube-cloud/managing-your-projects/issues/with-ai-features/agents-in-your-github-pull-request "mention") pages.

## Code scanning alerts <a href="#code-scanning-alerts" id="code-scanning-alerts"></a>

With the [Enterprise plan](https://www.sonarsource.com/plans-and-pricing/), when you analyze a project in SonarQube Cloud, the detected security issues are displayed on the GitHub interface as code scanning alerts. When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.

To view and manage your code scanning alerts:

1\. In GitHub, go to your repository’s **Security** > **Code scanning alerts** tab.

2\. Select **View alerts** to see the full list.

<div align="left"><figure><img src="https://2223713658-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB4UT2GNiZKjtxFtcFAL7%2Fuploads%2Fgit-blob-4454fcea707b65aebef72c038e6a1fad06461dd5%2F627a05ead3c4def8a9e8b926841d266f700a67fb.png?alt=media" alt="When SonarQube Cloud finds security alerts in your GitHub instance, navigate to Security > Code scanning alerts tab alerts in Github."><figcaption></figcaption></figure></div>

3\. When you change the status of a security vulnerability in the SonarQube Cloud interface that status change will be immediately reflected in the GitHub interface and vice versa.

## Related pages <a href="#related-pages" id="related-pages"></a>

[github](https://docs.sonarsource.com/sonarqube-cloud/managing-your-projects/administering-your-projects/devops-platform-integration/github "mention")