Issues reported in DevOps platform
You can view the security issues that SonarQube raises on your code directly in GitHub or GitLab.
This page explains how to view and/or manage the security issues reported by SonarQube in your GitHub or GitLab instance.
Managing security issues in GitHub
When you analyze a project in SonarQube, the detected security issues are displayed on the GitHub interface as code scanning alerts (see Setting up the report of security alerts). When you change the status of a security issue in the SonarQube interface, that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.
To view and manage your code scanning alerts:
In GitHub, go to your repository’s Security > Code scanning alerts tab.
Select View alerts to see the full list.

Viewing the security issues in GitLab
When you analyze a project in SonarQube, the detected security issues are displayed on the GitLab interface as security vulnerabilities (see Setting up GitLab integration at project level). When you change the status of a security issue in the SonarQube interface, that status change is immediately reflected in the GitLab interface.
If you change the status of a security vulnerability in GitLab, that change is not reflected in SonarQube.
To view the security vulnerabilities:
Go to the GitLab > Vulnerability report page.