Introduction to GitLab integration

SonarQube’s integration with GitLab self-managed and GitLab SaaS subscriptions allows you to maintain code quality and security in your GitLab projects.

Key features

With this integration, you’ll be able to:

  • Authenticate with GitLab: Sign in to SonarQube Community Build with your GitLab credentials.

  • Import your GitLab repositories: Import your GitLab Projects into SonarQube Community Build to easily set up SonarQube Community Build projects.

  • Analyze projects with GitLab CI/CD: Integrate analysis into your build pipeline.

SonarQube Community Build doesn’t support some features, such as the analysis of multiple branches and pull requests. See the Feature comparison table to find out which GitLab integration features are supported by the other SonarQube deployments.

From SonarQube Community Build 25.1, to integrate SonarQube Community Build with GitLab self-managed subscriptions, we recommend using GitLab version 17.5+.

Integration is performed at two levels:

  • Global: Within your SonarQube instance, a “GitLab Configuration” record is used to manage the SonarQube access to your GitLab instance through the API. This record stores:

    • Your GitLab API’s URL.

    • A GitLab Personal Access Token (PAT) which is used by SonarQube to access your GitLab instance. This PAT is usually created from a dedicated technical account.

  • Project: A project administrator must provide a GitLab PAT to import their GitLab repository to SonarQube. SonarQube stores this PAT in its database, enabling it to list and import the repositories the administrator can access.

This means that SonarQube Community Build uses two different GitLab PATs:

  • The global PAT to access the GitLab instance in order to import repositories.

  • The project PAT to check the user's permissions on repositories when a user imports GitLab repositories.

Two different GitLab PATs are used for SonarQube integration with GitLab.

For information about the GitLab authentication solution, see GitLab.

  • Setting up GitLab integration at global level: This section explains how to set up the integration of SonarQube Community Build with GitLab. You need the global Administer System permission in SonarQube to perform this setup.

  • Importing your GitLab repositories: Once the integration of SonarQube Community Build with GitLab has been properly set up, you can import a GitLab repository to create the corresponding project in SonarQube Community Build.

  • Adding analysis to GitLab CI/CD pipeline: Once you have created your project(s) in SonarQube Community Build, you can add the SonarQube Community Build analysis to your GitLab CI/CD pipeline.
