Introduction

SonarQube Server’s integration with GitHub allows you to maintain code quality and security in your GitHub repositories.

With this integration, you’ll be able to:

• Sign in to SonarQube Server with your GitHub credentials.

• Import your GitHub repositories into SonarQube Server to easily set up SonarQube Server projects.

• Analyze projects with GitHub Actions: Integrate analysis into your build pipeline. SonarScanners running in GitHub Actions jobs can automatically detect branches or pull requests being built so you don’t need to specifically pass them as parameters to the scanner. You can also fail the pipeline if the SonarQube quality gate fails.

• Report your quality gate status to your branches and pull requests. See your quality gate and code metric results right in GitHub so you know if it’s safe to merge your changes.

• Display security issues found by SonarQube Server as code scanning alerts in the GitHub interface.

• Import your monorepo into SonarQube Server to easily manage the related projects.

Prerequisites

You can use any GitHub plan. If you use GitHub Enterprise Server, we recommend using GitHub Enterprise version 3.14+.

Related pages

• Introduction to Setting up the GitHub integration at the global level. This section explains how to set up GitHub and SonarQube Server for their integration at the global level. You need the global Administer System permission in SonarQube Server to perform this setup.

• Importing GitHub repositories Once the integration of SonarQube Server with GitHub has been properly set up, you can import a GitHub repository or monorepo to create the corresponding projects in SonarQube Server.

• Setting up project integration This page explains how to set up GitHub integration features for a given project, such as pull request decoration or the blocking of pull requests in case of quality gate failure. You need the Administer permission on the project to perform this setup.

• Adding analysis to GitHub Actions workflow Once you have created your project in SonarQube Server, you can add the SonarQube Server analysis to your GitHub Actions workflow, in a standard case and in the case of a monorepo.