Issues reported in GitHub
SonarQube Server reports an analysis summary on your GitHub pull requests and can display security issues as code scanning alerts in the GitHub interface.
SonarQube Server provides issue reporting for GitHub pull requests. Besides the pull request analysis summary found in the Checks and Conversation tabs, you will also see issues reported as inline annotations directly within the Files changed tab as illustrated below.

From an inline annotation, you can:
View the corresponding issue in SonarQube: copy the See more on link below the annotation text and paste it into your browser.
View the pull request analysis summary in SonarQube: select the View details button. If this button is not available, select the Try the new experience link in the top right corner of your pull request page as illustrated below.

Pull request decoration requires that pull request integration be correctly configured for your project. See Setting up pull request integration.
When you analyze a project in SonarQube, the detected security issues are displayed in the GitHub interface as code scanning alerts, if set up in your system. When you change the status of a security issue in the SonarQube interface, that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.
To view and manage your code scanning alerts:
In GitHub, go to your repository’s Security > Code scanning alerts tab.
Select View alerts to see the full list.

For AI-powered review comments directly in pull requests, see Gitar, a separate Sonar product.

