GitHub Integration for SonarQube & SonarCloud | Sonar

GitHub Integration

clean code in your GitHub repositories

Sonar tightly integrates with GitHub enabling your team to consistently and efficiently deliver clean code that's free of vulnerabilities, bugs and code smells.

Sonar features for GitHub

extended GitHub experience for clean code

Enhance your GitHub experience with Sonar and ensure only clean code will be added to the code base. With just a few clicks you're up and running right where your code lives.

pull request decoration

Sonar automatically decorates code quality metrics directly on your pull requests & feature branches. Resolve issues BEFORE you merge.

go/no-go Quality Gate

Fail your GitHub pipelines when the quality of code doesn’t meet your defined requirements. Clean code becomes the norm!

code scanning alerts

Review and prioritize issue remediation during code reviews directly from GitHub Security.

monorepo support

Configure multiple Quality Gates and receive project-labeled messages in your GitHub mono repository.

Background image of bits of code connecting to each other

integrate GitHub with Sonar now!

Self-managed app -->SaaS App -->
easy onboarding, instant value

built-in features make analysis a snap!

easy onboarding and authentication

Sonar supports authentication delegation - if you're logged into your GitHub account, you're all set!

auto issue assignment

Native Git data support so issues are automatically assigned and tracked.

continuous inspection

Optionally configure your CI chain to automatically analyze pull requests and branches.

loved by developers, trusted by organizations.

a must-have for your team


developers use Sonar


coding rules available


lines of code analyzed

GitHub Code Scanning

Security vulnerability review in GitHub

Sonar integration with GitHub code scanning helps you review and prioritize vulnerabilities directly from your repository during your code reviews.

Learn more -->
reviewing vulnerability in GitHub

see the benefits for yourself!

Watch the video GitHub Pull Request/Branch Decoration with SonarQube

end-to-end CI/CD benefits

With its tight coupling to GitHub, Sonar analyzes your projects and provides code health metrics at the right time and in the right place

Promote only clean builds

With non-disruptive code quality analysis, your project’s Quality Gate status is clearly decorated right in GitHub Checks along with code coverage and duplication metrics. Live updating keeps everyone on the same page.

If you’ve adopted GitHub Actions, Sonar nicely integrates there with autodetection of branches and PRs. Of course, you can also integrate with Jenkins, CircleCI, TravisCI or any other CI.

See it in SonarQube -->
Image shows results of a pull request

Less setup; more analysis

You’ve got fresh code to analyze so we make it easy to get started. An onboarding wizard guides you in adding all your projects and setting up autodetection of branches and PRs.

1-click with SonarCloud -->
Setting up SonarQube and SonarCloud is easy

supports dozens of popular languages, development frameworks and IaC platforms

Background image of bits of code connecting to each other

integrate GitHub with Sonar now!

  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2023, SonarSource S.A, Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE and SONARCLOUD are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.