Sonar.tv

GitHub Integration | Mapping your organization into SonarQube

DevOps & CI/CD | March 13th 2024 | 8:51 | Part of SCDE

Learn how to map your GitHub organization structure into SonarQube to synchronize teams, repositories, and permissions for seamless DevOps integration.

Setting Up the DevOps Platform Configuration

Organizations looking to integrate their GitHub repositories with SonarQube must begin by establishing a DevOps platform configuration as a local administrator. Users can initiate this process either through a prompt on the landing screen or via the Administration menu under DevOps Platform Integrations. The configuration requires a name and the appropriate API URL—developers using GitHub Enterprise should specify their internal domain URL, while those using github.com can use the standard URL provided in the documentation. A GitHub app must be installed within the organization following SonarQube's guidance, after which the relevant credentials can be transferred to the SonarQube user interface. Once saved, SonarQube validates the configuration to ensure proper connectivity.

Enabling Authentication and User Management

Beyond project analysis, the same GitHub app enables authentication integration for SonarQube users. By copying the client ID and client secret into SonarQube, organizations can allow developers to log in using their GitHub identity rather than creating separate SonarQube accounts. This integration also supports synchronizing GitHub teams as groups within SonarQube, creating a seamless mapping between the two platforms. Users can verify the authentication setup is working by logging out and confirming the "Login with GitHub" option appears on the login screen. Developers must then authorize the integration through their GitHub account to gain access, streamlining the user management process across both platforms.

Project Setup and Analysis Configuration

Creating projects for analysis can be accomplished through multiple methods: directly from the SonarQube UI, programmatically via the SonarQube Web API, or automatically upon the first analysis run using a scanner with appropriate create-project permissions. When setting up analysis through GitHub Actions, users should follow the on-screen guidance to generate authentication tokens and create the necessary workflow YAML file. SonarQube recommends reusing existing tokens across multiple projects rather than generating unique tokens for each setup, improving security and manageability. The platform provides project-type-specific guidance during setup, ensuring developers select the correct build configuration for their repository.

Automating Analysis and Pull Request Decoration

Once the GitHub Actions workflow is configured, SonarQube automatically triggers analysis on any code changes pushed to the repository. Initial analysis results establish a baseline for the branch, with subsequent analyses providing new-code metrics after each push. SonarQube's most powerful feature for pull request workflows is automatic decoration—the platform enriches pull requests with quality gate results and analysis information directly within GitHub, enabling developers to assess code quality before merging. By configuring branch protection rules in GitHub to require passing SonarQube status checks before merging, organizations can ensure only clean code reaches their main and release branches, creating a robust quality gate in the development workflow.
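The workflow file that the two sections above describe (token-based analysis on push and pull request, with the job failing when the quality gate fails so that a branch protection rule can require it), written here as an added example rather than Sonar's own sample. It assumes two repository secrets, SONAR_TOKEN and SONAR_HOST_URL, a placeholder project key, and an action version tag that should be checked against the action's current releases.

```yaml
# Added example, not from the original video or Sonar's documentation.
# Assumptions: secrets SONAR_TOKEN (a SonarQube analysis token) and
# SONAR_HOST_URL (the server URL) exist on the repository; the project key
# my-org_my-repo is a placeholder; the action tag @v4 is assumed.
name: SonarQube analysis

on:
  push:
    branches: [main]
  pull_request:
    types: [opened, synchronize, reopened]

# Least privilege: the scanner only needs to read the checkout; decoration is
# done server-side by SonarQube through the GitHub app, not by this token.
permissions:
  contents: read

jobs:
  sonarqube:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # A shallow clone hides history, which breaks new-code detection
          # and blame; fetch the full history instead.
          fetch-depth: 0

      - name: Run SonarQube scanner
        uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        with:
          # sonar.qualitygate.wait makes the scanner block until the quality
          # gate is computed and exit non-zero if it fails, so this job's
          # status check is only green when the gate passes.
          args: >
            -Dsonar.projectKey=my-org_my-repo
            -Dsonar.qualitygate.wait=true
```

Pull requests opened from forks do not receive repository secrets, so this job (and the decoration it feeds) only covers branches pushed to the organization's own repository; treat that as a known gap when requiring the check in branch protection.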

Key Takeaways

  • GitHub organization mapping requires installing a GitHub app and configuring API credentials in SonarQube's DevOps Platform Integrations settings
  • GitHub authentication integration allows developers to log in using their GitHub identity, with automatic synchronization of GitHub teams as SonarQube groups
  • Projects can be created via the SonarQube UI, API calls, or automatically on first analysis, with GitHub Actions serving as the recommended CI/CD integration method
  • Pull requests are automatically decorated with SonarQube quality gate results, providing developers immediate feedback on code quality
  • Branch protection rules should be configured in GitHub to require SonarQube status checks, preventing unclean code from merging into protected branches