Issues reported in GitHub

SonarQube Server reports an analysis summary on your GitHub pull requests and can display security issues as code scanning alerts in the GitHub interface.

Pull request decoration

SonarQube Server reports the analysis results summary in your GitHub pull request's Conversation and Checks tabs. Inline annotations are not supported.

Note that:

  • The summary display can be disabled in the Conversation tab.

  • Pull request decoration requires that pull request integration be correctly configured for your project.

For more information, see Setting up pull request integration.

Code scanning alerts

When you analyze a project in SonarQube, the detected security issues are displayed in the GitHub interface as code scanning alerts, if this has been set up in your system. See Setting up the report of security alerts for more information. When you change the status of a security issue in the SonarQube interface, that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.

To view and manage your code scanning alerts:

  1. In GitHub, go to your repository’s Security > Code scanning alerts tab.

  2. Select View alerts to see the full list.

Managing your code scanning alerts in GitHub
