Issues reported in GitLab

SonarQube Server reports analysis summary comments in your GitLab merge requests and security issues in GitLab vulnerability report.

Pull request decoration

SonarQube Server sets up the report of your quality gate status and analysis metrics directly to your GitLab merge requests. Inline annotations are not supported.

Pull request decoration requires that pull request integration be correctly configured for your project. See Setting up GitLab integration at project level.

Vulnerability report

When you analyze a project in SonarQube Server, the detected security issues are displayed on the GitLab interface as security vulnerabilities if set up in GitLab CI/CD. See Reporting vulnerabilities in GitLabfor more information. When you change the status of a security issue in the SonarQube Server interface that status change is immediately reflected in the GitLab interface.

If you change the status of a security vulnerability in GitLab, that change is not reflected in SonarQube Server.

To view the security vulnerabilities:

Go to the GitLab > Vulnerability report page.

If your issues appear duplicated (it may be the case after the modification of a file), we recommend using the Activity > Still detected filter.

PreviousIssues reported in Bitbucket NextIssues reported in Azure DevOps

Last updated 2 hours ago

Was this helpful?

Good afternoon

Pull request decoration

Vulnerability report