Viewing and managing issues in your DevOps platform
This page explains how to view and/or manage the issues reported by SonarQube Cloud in your GitHub, GitLab, Bitbucket, or Azure DevOps instance.
In GitHub
With the Enterprise plan, when you analyze a project in SonarQube Cloud, the detected security issues are displayed in the GitHub interface as code scanning alerts. When you change the status of a security issue in the SonarQube interface, that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.
To view and manage your code scanning alerts:
1. In GitHub, go to your repository's Security > Code scanning alerts tab.
2. Select View alerts to see the full list.

3. When you change the status of a security vulnerability in the SonarQube Cloud interface, that status change is immediately reflected in the GitHub interface, and vice versa.
In Bitbucket Cloud
In Bitbucket Cloud, you can view:
- The analysis metrics of the main branch in the Bitbucket repository overview.
- The issues detected on your pull requests.
Viewing the analysis metrics of the main branch
1. Select Source in the left sidebar. The quality metrics for the main branch are displayed at the top of the page as illustrated below.

2. Select View more details in SonarCloud to view the full report.
Viewing the issues detected on a pull request
When viewing an analyzed pull request you will see quality metrics displayed as illustrated below.

Additionally, the right sidebar contains a code insights section that provides access to code reports. The keyboard shortcut to expand and collapse the right sidebar on repository pages is ].

You can expand the Report section and select SonarQube Cloud Code Analysis to view a full report of all the issues SonarQube Cloud found in the pull request:

You don't have to navigate to SonarQube Cloud.io because this view lets you see the issues identified by SonarQube Cloud right in Bitbucket.
In Azure DevOps
When you run a SonarQube Cloud analysis for a pull request, each SonarQube issue is displayed as a comment on the Azure DevOps pull request. If you change the status of an issue in SonarQube Cloud, that status change is immediately reflected in the Azure DevOps interface.
The number of comments posted in the timeline of a pull request is limited to 50.
If this limit has been reached, a message is displayed as a comment, with a link to the rest of the issues on SonarQube Cloud. This comment does not disappear when an issue is resolved; it disappears only after a new build with fewer than 50 issues remaining.