Latest | DevOps platform integration | GitHub integration | Introduction
Was this page helpful?
GitHub integration
On this page
SonarQube's integration with GitHub Enterprise and GitHub.com allows you to maintain code quality and security in your GitHub repositories.
With this integration, you'll be able to:
- Authenticate with GitHub: Sign in to SonarQube with your GitHub credentials.
- Import your GitHub repositories: Import your GitHub repositories into SonarQube to easily set up SonarQube projects.
- Analyze projects with GitHub Actions: Integrate analysis into your build pipeline. Starting in Developer Edition, SonarScanners running in GitHub Actions jobs can automatically detect branches or pull requests being built so you don't need to specifically pass them as parameters to the scanner.
- Report your quality gate status to your branches and pull requests (starting in Developer Edition): See your quality gate and code metric results right in GitHub so you know if it's safe to merge your changes.
- Display code scanning alerts for vulnerability issues in GitHub: Display security issues found by SonarQube as code scanning alerts in the GitHub interface.
- Manage your monorepos: Import your monorepo into SonarQube to easily manage the related projects.
If you're using GitHub Enterprise, we recommend using GitHub Enterprise version 3.4+.
Related pages
- Setting up the GitHub integration at the global level
This section explains how to set up GitHub and SonarQube for their integration at the global level. You need the global Administer System permission in SonarQube to perform this setup. - Importing your GitHub repositories
Once the integration of SonarQube with GitHub has been properly set up, you can import a GitHub repository or monorepo to create the corresponding project(s) in SonarQube. - Setting up GitHub integration features at the project level
This page explains how to set up GitHub integration features for a given project, such as pull request decoration or the blocking of pull requests in case of quality gate failure. You need the Administer permission on the project to perform this setup. - Adding the SonarQube analysis to your GitHub Actions workflow
Once you have created your project(s) in SonarQube, you can add the SonarQube analysis to your GitHub Actions workflow, in a standard case and in the case of a monorepo.
© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
