Issues reported in DevOps platform
Security issues raised by SonarQube Cloud can be viewed directly in GitHub or GitLab.
This page explains how to view and/or manage the issues reported by SonarQube Cloud in your GitHub, GitLab, Bitbucket, or Azure DevOps instance.
In GitHub
With the Enterprise plan, when you analyze a project in SonarQube Cloud, the detected security issues are displayed on the GitHub interface as code scanning alerts. When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.
To view and manage your code scanning alerts:
1. In GitHub, go to your repository’s Security > Code scanning alerts tab.
2. Select View alerts to see the full list.

3. When you change the status of a security vulnerability in the SonarQube Cloud interface that status change will be immediately reflected in the GitHub interface and vice versa.
In Bitbucket Cloud
In Bitbucket Cloud, you can view:
The analysis metrics of the main branch in the Bitbucket repository overview.
The issues detected on your pull requests.
In Azure DevOps
When you run a SonarQube Cloud analysis for a pull request, each SonarQube issue is displayed as a comment on the Azure DevOps pull request. If you change the status of an issue in SonarQube Cloud, that status change is immediately reflected in the Azure DevOps interface.
Related pages
Setting up the integration of your project with:
Last updated
Was this helpful?