Issues reported in DevOps platform
Security issues raised by SonarQube Cloud can be viewed directly in GitHub or GitLab.
This page explains how to view and/or manage the issues reported by SonarQube Cloud in your GitHub, GitLab, Bitbucket, or Azure DevOps instance.
In GitHub
With the Enterprise plan, when you analyze a project in SonarQube Cloud, the detected security issues are displayed on the GitHub interface as code scanning alerts. When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.
To view and manage your code scanning alerts:
1. In GitHub, go to your repository’s Security > Code scanning alerts tab.
2. Select View alerts to see the full list.
3. When you change the status of a security vulnerability in the SonarQube Cloud interface that status change will be immediately reflected in the GitHub interface and vice versa.
SonarQube Remediation agent
The SonarQube Remediation Agent is a Beta feature available with Enterprise plan accounts. It is free during the beta phase and will be a paid feature when it moves to General Availability. To learn more about the terms & conditions, please see our legal page about features in Early Access.
If your SonarQube Cloud organization is not on an Enterprise plan, please see the Getting started with Enterprise pages to get the process started.
The SonarQube Remediation agent helps you fix reliability and maintainability issues found in your latest code. It focuses on new issues discovered in your latest GitHub pull request (PR). These issues, picked up by the agent, would otherwise break the new code conditions of your quality gate and block the merge of your PR.
To enable and install the agent, see the SonarQube Remediation agent page. To understand the agent's behavior and learn how to engage with the agent in your pull request, see the Agents in your GitHub pull request page.
In Bitbucket Cloud
In Bitbucket Cloud, you can view:
The analysis metrics of the main branch in the Bitbucket repository overview.
The issues detected on your pull requests.
Viewing the analysis metrics of the main branch
1. Select Source in the left sidebar. The quality metrics for the main branch are displayed at the top of the page as illustrated below.
2. Select View more details in SonarCloud to view the full report.
Viewing the issues detected on a pull request
When viewing an analyzed pull request you will see quality metrics displayed as illustrated below.
Additionally, the right sidebar contains a code insights section that provides access to code reports. The keyboard shortcut to expand and collapse the right sidebar on repository pages is ].
You can expand the Report section and select SonarQube Cloud Code Analysis to view a full report of all the issues SonarQube Cloud found in the pull request:
You don’t have to navigate to SonarCloud.io because this view lets you see the issues identified by SonarQube Cloud right in Bitbucket.
In Azure DevOps
When you run a SonarQube Cloud analysis for a pull request, each SonarQube issue is displayed as a comment on the Azure DevOps pull request. If you change the status of an issue in SonarQube Cloud, that status change is immediately reflected in the Azure DevOps interface.
Related pages
Setting up the integration of your project with:
Last updated
Was this helpful?