Issues reported in DevOps platform

You can view directly in your GitHub or GitLab the security issues raised by SonarQube on your code.

This page explains how to view and/or manage the security issues reported by SonarQube in your GitHub or GitLab instance.

Managing security issues in GitHub

When you analyze a project in SonarQube, the detected security issues are displayed on the GitHub interface as code scanning alerts Setting up the report of security alerts. When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.

To view and manage your code scanning alerts:

In GitHub, go to your repository’s Security > Code scanning alerts tab.
Select View alerts to see the full list.

Viewing the security issues in GitLab

When you analyze a project in SonarQube, the detected security issues are displayed on the GitLab interface as security vulnerabilities Setting up GitLab integration at project level. When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitLab interface.

If you change the status of a security vulnerability in GitLab, that change is not reflected in SonarQube.

To view the security vulnerabilities:

Go to the GitLab > Vulnerability report page.

If your issues appear duplicated (it may be the case after the modification of a file), we recommend using the Activity > Still detected filter.

PreviousFixing issues NextManaging security hotspots

Last updated 2 months ago

Was this helpful?