Viewing and managing issues in your DevOps platform
This page explains how to view and/or manage the issues reported by SonarQube Server in your GitHub, GitLab, or Azure DevOps instance.
Managing security issues in GitHub
When you analyze a project in SonarQube, the detected security issues are displayed in the GitHub interface as code scanning alerts, if this is set up in your system. When you change the status of a security issue in the SonarQube interface, that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.
To view and manage your code scanning alerts:
- In GitHub, go to your repository's Security > Code scanning alerts tab.
- Select View alerts to see the full list.
Viewing the security issues in GitLab
When you analyze a project in SonarQube Server, the detected security issues are displayed in the GitLab interface as security vulnerabilities, if this is set up in GitLab CI/CD. When you change the status of a security issue in the SonarQube Server interface, that status change is immediately reflected in the GitLab interface.
If you change the status of a security vulnerability in GitLab, that change is not reflected in SonarQube Server.
To view the security vulnerabilities:
- Go to the GitLab > Vulnerability report page.
If your issues appear duplicated (which can happen after a file is modified), we recommend using the Activity > Still detected filter.
Viewing the issues detected on a pull request in Azure DevOps
When you run a SonarQube Server analysis for a pull request, each SonarQube issue is displayed as a comment on the Azure DevOps pull request. If the Azure DevOps instance is configured correctly and you change the status of an issue in SonarQube Server, that status change is immediately reflected in the Azure DevOps interface.