Introduction to GitHub integration

SonarQube’s integration with GitHub allows you to maintain code quality and security in your GitHub repositories.

Prerequisites

You can use any GitHub plan. If you use GitHub Enterprise Server, we recommend using GitHub Enterprise version 3.14+.

Key features

With this integration, you’ll be able to:

• Sign in to SonarQube Community Build with your GitHub credentials.

• Import your GitHub repositories into SonarQube to easily set up SonarQube projects.

• Analyze projects with GitHub Actions: Integrate analysis into your build pipeline.

Integration solution overview

SonarQube Community Build uses a GitHub App to access GitHub resources. The app defines the global access permissions of SonarQube Community Build. Access to your GitHub instance is required when:

• A project administrator imports a GitHub repository to create the respective project in SonarQube Community Build. SonarQube Community Build then accesses and uses the project administrator's GitHub repository permissions.

• SonarQube Community Build authenticates users through GitHub.

In SonarQube Community Build, a "GitHub Configuration" record stores the credentials used to log in to the GitHub App for SonarQube. A different Configuration record is used to manage the analysis integration and the user authentication.

Related pages

• Setting up GitHub integration at global level This section explains how to set up GitHub and SonarQube for their integration at the global level. You need the global Administer System permission in SonarQube to perform this setup.

• Importing GitHub repositories Once the integration of SonarQube with GitHub has been properly set up, you can import a GitHub repository to create the corresponding projects in SonarQube.

• Adding analysis to GitHub Actions workflow Once you have created your projects in SonarQube, you can add the SonarQube analysis to your GitHub Actions workflow.