# Managing security issues in DevOps platform

This page explains how to view and/or manage the security issues reported by SonarQube in your GitHub or GitLab instance.

## Managing security issues in GitHub <a href="#github" id="github"></a>

When you analyze a project in SonarQube, the detected security issues are displayed on the GitHub interface as code scanning alerts [Setting up the report of security alerts](/sonarqube-server/10.6/devops-platform-integration/github-integration/setting-up-at-global-level/report-security-alerts.md). When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.

To view and manage your code scanning alerts:

1. In GitHub, go to your repository’s **Security** > **Code scanning alerts** tab.
2. Select **View alerts** to see the full list.

![](/files/0aqopCqXW2lBHYvk3094)

## Viewing the security issues in GitLab <a href="#gitlab" id="gitlab"></a>

When you analyze a project in SonarQube, the detected security issues are displayed on the GitLab interface as security vulnerabilities [Setting up integration at project level](/sonarqube-server/10.6/devops-platform-integration/gitlab-integration/setting-up-at-project-level.md). When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitLab interface.

{% hint style="warning" %}
If you change the status of a security vulnerability in GitLab, that change is *not* reflected in SonarQube.
{% endhint %}

To view the security vulnerabilities:

* Go to the **GitLab** > **Vulnerability** report page.

{% hint style="info" %}
If your issues appear duplicated (it may be the case after the modification of a file), we recommend using the **Activity** > **Still detected** filter.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sonarsource.com/sonarqube-server/10.6/user-guide/issues/security-issues-in-devops-platform.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.