Announcing SonarQube Cloud automatic provisioning for GitHub repositories

Andrew Osborne

Product Marketing Manager

  • Code quality
  • SonarQube Cloud

Setting up a new project should be about writing code, not configuring tools. Until now, every time your team created a new GitHub repository, an admin had to manually import it into SonarQube Cloud to start seeing analysis. It was a small task, but it added up. And sometimes, repos were simply forgotten, leaving gaps in your code coverage. To address this, we are pleased to announce the general availability of automatic provisioning for GitHub repositories on SonarQube Cloud.

This feature is designed to eliminate the manual overhead of project setup, ensuring that your code is verified from the very first commit, without requiring ongoing admin intervention.

The value of zero-touch GitHub repository provisioning 

By shifting to an automated provisioning model, SonarQube Cloud helps teams achieve several strategic objectives:

  • Accelerated time to value: The moment a new repository is created in your GitHub organization, SonarQube Cloud automatically provisions a bound project.
  • Actionable insights from day 1: Initial analysis is triggered automatically upon repository creation. This ensures developers receive immediate feedback on their code quality and security posture before technical debt has a chance to accumulate.
  • Simplified governance: Admins no longer need to "find" and import new projects manually. This "set and forget" integration ensures 100% coverage for new codebases, maintaining your organization's standards by default.
  • Reduced automation complexity: This native capability replaces the need for maintaining custom API scripts or complex internal automation for project onboarding.

How it works

The workflow is seamless and background-driven. 

  1. Creation: A developer creates a new repository within your linked GitHub organization.
  2. Provisioning: SonarQube Cloud instantly detects the new repo and creates a corresponding project.
  3. Analysis: An initial analysis is kicked off, providing instant visibility into the code's reliability, maintainability, and security.

Why use it?

  • No more "missing" repos: You don't have to go hunting for new projects created by your teams. If they exist in GitHub, they're being analyzed in SonarQube Cloud.
  • Results on day 1: You get feedback on code quality and security vulnerabilities before you've even finished the first week of development.
  • Set and forget: This replaces the need for custom scripts or API work that you might have built to handle onboarding.

How to enable automatic provisioning

For new organizations, this is enabled by default. For existing SonarQube Cloud organizations, this feature is available as an opt-in toggle. Organization admins can enable it by following these steps:

  1. Navigate to Administration > Organization settings.
  2. Select GitHub integration.
  3. Locate the Automatic provisioning section and toggle the setting to On.

Note: This feature currently applies to newly created repositories. Bulk import capabilities for existing "brownfield" repositories are coming soon!

Build a secure-by-default environment

At Sonar, our goal is to provide the foundation for high-performance engineering by making code verification a natural, frictionless part of the software development lifecycle. Automatic provisioning removes the "setup lag," allowing your team to focus on building while SonarQube Cloud handles the oversight.

For organization admins: We encourage you to toggle this feature on today to streamline your development workflow and ensure no new project goes unverified.

New to SonarQube Cloud? Experience the power of automated code review and see how easy it is to secure your GitHub repositories from the start. Sign up here to get started.

© 2025 SonarSource Sàrl. All rights reserved.