Start FreeLogin

Issues reported in DevOps platform

Security issues raised by SonarQube Cloud can be viewed directly in GitHub or GitLab.

This page explains how to view and/or manage the issues reported by SonarQube Cloud in your GitHub, GitLab, Bitbucket, or Azure DevOps instance.

In GitHub

With the Enterprise plan, when you analyze a project in SonarQube Cloud, the detected security issues are displayed on the GitHub interface as code scanning alerts. When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.

To view and manage your code scanning alerts:

1. In GitHub, go to your repository’s Security > Code scanning alerts tab.

2. Select View alerts to see the full list.

When SonarQube Cloud finds security alerts in your GitHub instance, navigate to Security > Code scanning alerts tab alerts in Github.

3. When you change the status of a security vulnerability in the SonarQube Cloud interface that status change will be immediately reflected in the GitHub interface and vice versa.

In Bitbucket Cloud

In Bitbucket Cloud, you can view:

  • The analysis metrics of the main branch in the Bitbucket repository overview.

  • The issues detected on your pull requests.

Viewing the analysis metrics of the main branch

1. Select Source in the left sidebar. The quality metrics for the main branch are displayed at the top of the page as illustrated below.

In the BitBucket cloud interface, select Source to navigate to the quality metrics generated by the SonarQube Cloud project analysis results.

2. Select View more details in SonarCloud to view the full report.

Viewing the issues detected on a pull request

When viewing an analyzed pull request you will see quality metrics displayed as illustrated below.

Screenshot of the pull request quality gate widget in BitBucket.

Additionally, the right sidebar contains a code insights section that provides access to code reports. The keyboard shortcut to expand and collapse the right sidebar on repository pages is ].

Screenshot showing how to access the SonarQube Cloud code reports in the BitBucket interface sidebar.

You can expand the Report section and select SonarQube Cloud Code Analysis to view a full report of all the issues SonarQube Cloud found in the pull request:

Screenshot of the full report of all the issues found in the pull request by SonarQube Cloud.

You don’t have to navigate to SonarCloud.io because this view lets you see the issues identified by SonarQube Cloud right in Bitbucket.

In Azure DevOps

When you run a SonarQube Cloud analysis for a pull request, each SonarQube issue is displayed as a comment on the Azure DevOps pull request. If you change the status of an issue in SonarQube Cloud, that status change is immediately reflected in the Azure DevOps interface.

The number of comments posted in the timeline of a pull request is limited to 50.

If this limit has been reached, a message will be displayed as a comment, with a link to the rest of the issues on SonarQube Cloud. This comment will not disappear upon resolution of an issue, but only upon a new build, with less than 50 issues remaining.

Related pages

Setting up the integration of your project with:

PreviousFixing issuesNextManaging your project as a developer

Last updated

Was this helpful?