Issues reported in GitHub

SonarQube Server reports an analysis summary on your GitHub pull requests and can display security issues as code scanning alerts in the GitHub interface.

Pull request decoration

SonarQube Server provides issue reporting for GitHub pull requests. Besides the pull request analysis summary found in the Checks and Conversation tabs, you will also see issues reported as inline annotations directly within the Files changed tab as illustrated below.

Issues are reported as inline annotations in the Files changed tab.

From an inline annotation, you can:

  • View the corresponding issue in SonarQube: copy the See more on link below the annotation text and paste it into your browser (GitHub renders the annotation text as plain text, so the link is not clickable).

  • View the pull request analysis summary in SonarQube: select the View details button. If this button is not available, select the Try the new experience link in the top right corner of your pull request page, as illustrated below.

Select the Try the new experience link to enable the View details button in SonarQube's inline annotations.

Pull request decoration requires that pull request integration be correctly configured for your project. See Setting up pull request integration.

Code scanning alerts

When you analyze a project in SonarQube, the detected security issues are displayed in the GitHub interface as code scanning alerts, provided this has been set up for your instance. When you change the status of a security issue in the SonarQube interface, that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub (for example by dismissing it), that change is reflected in SonarQube.

To view and manage your code scanning alerts:

  1. In GitHub, go to your repository’s Security > Code scanning alerts tab.

  2. Select View alerts to see the full list.

Managing your code scanning alerts in GitHub
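The steps above use the GitHub web interface. As an added example (not SonarQube's or GitHub's own code), the following script does the equivalent through the GitHub REST endpoint GET /repos/{owner}/{repo}/code-scanning/alerts: it keeps only the alerts published by SonarQube, lists the open ones most severe first, and lists dismissed ones with the dismissal reason, since a dismissal made in GitHub is synchronized back to the issue status in SonarQube. It assumes the tool name shown for SonarQube alerts is "SonarQube" (check the Tool column of your alert list) and falls back to a constructed sample response when GITHUB_TOKEN and GITHUB_REPOSITORY are not set, so it runs offline.

```python
"""List GitHub code scanning alerts produced by SonarQube.

Added example, not part of SonarQube or GitHub. Uses
GET /repos/{owner}/{repo}/code-scanning/alerts with a fine-grained or
classic token that has security_events (or repo) access.
"""
import json
import os
import urllib.request
from collections import Counter

# Assumption: the tool name under which SonarQube publishes alerts.
# Verify it against the Tool column of your repository's alert list.
SONARQUBE_TOOL_NAME = "SonarQube"

# Constructed sample of the API response, trimmed to the fields used below.
# Rule ids, paths and line numbers are made up for illustration.
SAMPLE_ALERTS = json.loads("""
[
  {"number": 7, "state": "open", "dismissed_reason": null,
   "rule": {"id": "java:S2076", "severity": "error", "security_severity_level": "high",
            "description": "OS commands should not be vulnerable to command injection attacks"},
   "tool": {"name": "SonarQube", "version": null},
   "most_recent_instance": {"ref": "refs/heads/main",
       "location": {"path": "src/main/java/App.java", "start_line": 42}}},
  {"number": 8, "state": "dismissed", "dismissed_reason": "false positive",
   "rule": {"id": "java:S5131", "severity": "error", "security_severity_level": "high",
            "description": "Endpoints should not be vulnerable to reflected XSS"},
   "tool": {"name": "SonarQube", "version": null},
   "most_recent_instance": {"ref": "refs/heads/main",
       "location": {"path": "src/main/java/Web.java", "start_line": 10}}},
  {"number": 9, "state": "open", "dismissed_reason": null,
   "rule": {"id": "js/sql-injection", "severity": "error", "security_severity_level": "high",
            "description": "Database query built from user-controlled sources"},
   "tool": {"name": "CodeQL", "version": "2.15.0"},
   "most_recent_instance": {"ref": "refs/heads/main",
       "location": {"path": "web/db.js", "start_line": 5}}}
]
""")


def fetch_alerts(owner, repo, token, tool_name=SONARQUBE_TOOL_NAME):
    """Fetch the first page (up to 100) of alerts for one tool from the live API."""
    url = (f"https://api.github.com/repos/{owner}/{repo}/code-scanning/alerts"
           f"?tool_name={tool_name}&per_page=100")
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "X-GitHub-Api-Version": "2022-11-28",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def filter_by_tool(alerts, tool_name=SONARQUBE_TOOL_NAME):
    """Keep only alerts published by the given tool; a repo may also carry CodeQL alerts."""
    return [a for a in alerts if (a.get("tool") or {}).get("name") == tool_name]


def summarise(alerts):
    """Count alerts per state, list open ones most severe first, and dismissed ones with reason."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    counts = Counter(a["state"] for a in alerts)
    open_alerts = sorted(
        ({"number": a["number"], "rule": a["rule"]["id"],
          "level": a["rule"].get("security_severity_level") or "unknown",
          "path": a["most_recent_instance"]["location"]["path"],
          "line": a["most_recent_instance"]["location"]["start_line"]}
         for a in alerts if a["state"] == "open"),
        key=lambda x: (order.get(x["level"], 9), x["path"], x["line"]))
    dismissed = [{"number": a["number"], "rule": a["rule"]["id"],
                  "reason": a.get("dismissed_reason")}
                 for a in alerts if a["state"] == "dismissed"]
    return {"counts": dict(counts), "open": open_alerts, "dismissed": dismissed}


def main():
    token = os.environ.get("GITHUB_TOKEN")
    repo = os.environ.get("GITHUB_REPOSITORY")  # "owner/name", as set in GitHub Actions
    if token and repo:
        alerts = fetch_alerts(*repo.split("/", 1), token)
    else:
        alerts = SAMPLE_ALERTS  # offline run on the constructed sample
    report = summarise(filter_by_tool(alerts))
    print("counts:", report["counts"])
    for a in report["open"]:
        print(f"open      #{a['number']} {a['level']:<8} {a['rule']} {a['path']}:{a['line']}")
    for a in report["dismissed"]:
        print(f"dismissed #{a['number']} {a['rule']} reason={a['reason']}")


if __name__ == "__main__":
    main()
```

Because status changes flow both ways, the dismissed list is the part worth auditing: an alert dismissed in GitHub as a false positive becomes a closed issue in SonarQube for everyone. Only the first page of results is fetched; follow the Link header for repositories with more than 100 alerts.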
