Viewing and managing security issues in your DevOps platform

This page explains how to view and manage the security issues reported by SonarQube in your GitHub or GitLab instance.

Managing security issues in GitHub

When you analyze a project in SonarQube, the detected security issues are displayed in the GitHub interface as code scanning alerts, provided this is set up in your system. When you change the status of a security issue in the SonarQube interface, that status change is immediately reflected in the GitHub interface. Similarly, if you change the status of a code scanning alert in GitHub, that change is reflected in SonarQube.

To view and manage your code scanning alerts:

  1. In GitHub, go to your repository's Security > Code scanning alerts tab.
  2. Select View alerts to see the full list.
Screenshot that shows the code scanning alerts section in GitHub.
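
Because a status change made on a code scanning alert in GitHub is reflected in SonarQube, it is useful to review which high-severity alerts were dismissed, by whom and for what reason. The following is an added example, not part of the SonarQube documentation or product: it filters a constructed sample shaped like the response of GitHub's code scanning alerts REST endpoint. The tool name "SonarQube", the rule IDs and the logins are assumptions.

```python
import json
from collections import Counter

# Constructed sample, shaped like GitHub's response to
# GET /repos/{owner}/{repo}/code-scanning/alerts (only the fields used here).
SAMPLE_ALERTS = json.loads("""[
 {"number": 11, "state": "open", "tool": {"name": "SonarQube"},
  "rule": {"id": "example-rule-1", "security_severity_level": "high"},
  "dismissed_by": null, "dismissed_at": null, "dismissed_reason": null},
 {"number": 12, "state": "dismissed", "tool": {"name": "SonarQube"},
  "rule": {"id": "example-rule-2", "security_severity_level": "critical"},
  "dismissed_by": {"login": "dev-b"}, "dismissed_at": "2024-03-02T10:00:00Z",
  "dismissed_reason": "won't fix"},
 {"number": 13, "state": "dismissed", "tool": {"name": "SonarQube"},
  "rule": {"id": "example-rule-3", "security_severity_level": "low"},
  "dismissed_by": {"login": "dev-a"}, "dismissed_at": "2024-03-01T09:00:00Z",
  "dismissed_reason": "used in tests"},
 {"number": 14, "state": "dismissed", "tool": {"name": "SonarQube"},
  "rule": {"id": "example-rule-1", "security_severity_level": "high"},
  "dismissed_by": {"login": "dev-a"}, "dismissed_at": "2024-02-20T08:30:00Z",
  "dismissed_reason": "false positive"},
 {"number": 15, "state": "dismissed", "tool": {"name": "OtherScanner"},
  "rule": {"id": "example-rule-9", "security_severity_level": "high"},
  "dismissed_by": {"login": "dev-c"}, "dismissed_at": "2024-01-05T12:00:00Z",
  "dismissed_reason": "false positive"}
]""")

TOOL = "SonarQube"  # assumed tool name; check the value your alerts actually carry

def state_counts(alerts, tool=TOOL):
    """Count alerts per state for one scanning tool."""
    return Counter(a["state"] for a in alerts if a["tool"]["name"] == tool)

def dismissals_to_review(alerts, tool=TOOL, severities=("critical", "high")):
    """Dismissed high-impact alerts from `tool`, oldest dismissal first."""
    rows = []
    for a in alerts:
        sev = a["rule"].get("security_severity_level")
        if a["tool"]["name"] != tool or a["state"] != "dismissed" or sev not in severities:
            continue
        rows.append({"number": a["number"], "rule": a["rule"]["id"], "severity": sev,
                     "reason": a.get("dismissed_reason"), "at": a.get("dismissed_at"),
                     "by": (a.get("dismissed_by") or {}).get("login")})
    return sorted(rows, key=lambda r: r["at"] or "")

if __name__ == "__main__":
    print(dict(state_counts(SAMPLE_ALERTS)))
    for row in dismissals_to_review(SAMPLE_ALERTS):
        print(row)
```

To run it against real data, replace SAMPLE_ALERTS with the parsed JSON returned by the alerts endpoint for your repository.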

Viewing the security issues in GitLab

When you analyze a project in SonarQube, the detected security issues are displayed in the GitLab interface as security vulnerabilities, provided this is set up in GitLab CI/CD. When you change the status of a security issue in the SonarQube interface, that status change is immediately reflected in the GitLab interface.

To view the security vulnerabilities:

  •  Go to the GitLab > Vulnerability report page.

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
