circle-info
This version of the SonarQube documentation is no longer maintained. It relates to a version of SonarQube that is not active.
search
Start Free

Managing security issues in DevOps platform

You can view directly in your GitHub or GitLab the security issues raised by SonarQube on your code.

This page explains how to view and/or manage the security issues reported by SonarQube in your GitHub or GitLab instance.

hashtag
Managing security issues in GitHub

When you analyze a project in SonarQube, the detected security issues are displayed on the GitHub interface as code scanning alerts Setting up the report of security alerts. When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.

To view and manage your code scanning alerts:

  1. In GitHub, go to your repository’s Security > Code scanning alerts tab.

  2. Select View alerts to see the full list.

hashtag
Viewing the security issues in GitLab

When you analyze a project in SonarQube, the detected security issues are displayed on the GitLab interface as security vulnerabilities Setting up integration at project level. When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitLab interface.

circle-exclamation

If you change the status of a security vulnerability in GitLab, that change is not reflected in SonarQube.

To view the security vulnerabilities:

  • Go to the GitLab > Vulnerability report page.

circle-info

If your issues appear duplicated (it may be the case after the modification of a file), we recommend using the Activity > Still detected filter.

PreviousConfiguring issue-related notificationsNextSecurity Hotspots

Last updated

Was this helpful?