Introduction

SonarQube’s integration with GitHub Enterprise and GitHub.com allows you to maintain code quality and security in your GitHub repositories.

With this integration, you’ll be able to:

• Import your GitHub repositories: Import your GitHub repositories into SonarQube to easily set up SonarQube projects.

• Analyze projects with GitHub Actions: Integrate analysis into your build pipeline. Starting in Developer Edition, SonarScanners running in GitHub Actions jobs can automatically detect branches or pull requests being built so you don’t need to specifically pass them as parameters to the scanner.

• Report your quality gate status to your branches and pull requests: (starting in Developer Edition) See your quality gate and code metric results right in GitHub so you know if it’s safe to merge your changes.

• Authenticate with GitHub: Sign in to SonarQube with your GitHub credentials.

• Display code scanning alerts for vulnerability issues in GitHub: Display security vulnerability issues found by SonarQube as code scanning alerts in the GitHub interface.

Learn more

• Setting up the GitHub integration

• Adding analysis to GitHub Actions workflow

• Setting up your projects

• If you're using a monorepo