Issues reported in GitHub

SonarQube Server reports an analysis summary on your GitHub pull requests and can display security issues as code scanning alerts in the GitHub interface.

Pull request decoration

SonarQube Server reports the analysis results summary in your GitHub pull request's Conversation and Checks tabs. Inline annotations are not supported. Note that:

The summary display can be disabled in the Conversation tab.
Pull request decoration requires that pull request integration be correctly configured for your project.

For more information, see Setting up pull request integration.

Code scanning alerts

When you analyze a project in SonarQube, the detected security issues are displayed on the GitHub interface as code scanning alerts, if set up in your system. When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.To view and manage your code scanning alerts:

In GitHub, go to your repository’s Security > Code scanning alerts tab.
Select View alerts to see the full list.

Managing your code scanning alerts in GitHub

Setting up project integration Setting up the report of security alerts

PreviousIn your DevOps platform NextIssues reported in Bitbucket

Last updated 1 month ago

Was this helpful?

Good afternoon

hashtagPull request decoration

hashtagCode scanning alerts

hashtagRelated pages

Pull request decoration

Code scanning alerts

Related pages