Viewing and managing security issues in your DevOps platform
This page explains how to view and/or manage the security issues reported by SonarQube Server in your GitHub or GitLab instance.
Managing security issues in GitHub
When you analyze a project in SonarQube, the detected security issues are displayed on the GitHub interface as code scanning alerts if set up in your system. When you change the status of a security issue in the SonarQube interface that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.
To view and manage your code scanning alerts:
- In GitHub, go to your repository's Security > Code scanning alerts tab.
- Select View alerts to see the full list.
Viewing the security issues in GitLab
When you analyze a project in SonarQube Server, the detected security issues are displayed on the GitLab interface as security vulnerabilities if set up in GitLab CI/CD. When you change the status of a security issue in the SonarQube Server interface that status change is immediately reflected in the GitLab interface.
If you change the status of a security vulnerability in GitLab, that change is not reflected in SonarQube Server.
To view the security vulnerabilities:
- Go to the GitLab > Vulnerability report page.
If your issues appear duplicated (it may be the case after the modification of a file), we recommend using the Activity > Still detected filter.
Was this page helpful?