Eliminate Bugs and Vulnerabilities
in your GitHub repositories

SonarQube Commercial Editions integrate tightly with GitHub (SaaS & self-managed) so your team can write clean, quality code all day long!

Request Free Trial

Find issues before you merge

SonarQube analyzes branches and Pull Requests so you spot and resolve issues BEFORE you merge to main. You can optionally fail your pipeline if the Quality Gate doesn’t pass. Clean code becomes the norm!

Block the merge of a Pull Requests in GitHub. See the video

×

SonarQube analyzes branches and Pull Requests in GitHub

Always know your code health

SonarQube publishes Quality Gate and code metric results right in GitHub Checks. You’re always getting the right info, at the right time and in the right place.

SonarQube helps you find AND fix

Finding code issues is great...and fixing them is awesome! SonarQube dives directly into detected issues and offers contextual help so you can resolve them quickly.

Bonus: you learn clean coding practices each day.

Bugs

Security Vulnerabilities

Security Hotspots

Code Smells

SonarQube detects issues and offers contextual help

See the benefits for yourself!

0:52min
Analysis workflow
1:17min
PR Decoration Demo
2:32min
Benefits Summary
3:07min
Wrap Up

Built-in features make analysis a snap!

Easy authentication

Built-in feature for easy GitHub authentication

SonarQube supports authentication delegation - if you're logged into your GitHub account, you're all set!

Auto issue assignment

Built-in feature for auto blame assignement

Native Git data support so issues are automatically assigned and tracked.

Continuous inspection

Built-in feature for CI chain configuration

Optionally configure your CI chain to automatically analyze pull requests and branches.

End-to-End CI/CD benefits

With its tight coupling to GitHub, SonarQube analyzes your projects and provides
code health metrics at the right time and in the right place.

Non-disruptive code quality analysis overlays your workflow so you can intelligently promote only clean builds.

Your project’s Quality Gate status is clearly decorated right in GitHub Checks along with code coverage and duplication metrics. Live updating keeps everyone on the same page.

If you’ve adopted GitHub Actions, SonarQube nicely integrates there with autodetection of branches and PRs. Of course, you can also integrate with Jenkins, Azure Pipelines, Bitbucket Pipelines, or any other CI.

Less setup; more analysis

You’ve got fresh code to analyze so we make it easy to get started. An onboarding wizard guides you in adding all your projects and setting up autodetection of branches and PRs.