Security vulnerability review in GitHub
Sonar integration with GitHub code scanning helps you review and prioritize vulnerabilities directly from your repository during your code reviews.

GitHub Integration
Sonar tightly integrates with GitHub, enabling your team to consistently and efficiently deliver clean code that's free of vulnerabilities, bugs and code smells.
Enhance your GitHub experience with Sonar and ensure only clean code will be added to the code base. With just a few clicks you're up and running right where your code lives.
Sonar automatically decorates code quality metrics directly on your pull requests & feature branches. Resolve issues BEFORE you merge.
Fail your GitHub pipelines when the quality of code doesn’t meet your defined requirements. Clean code becomes the norm!
Review and prioritize issue remediation during code reviews directly from GitHub Security.
Configure multiple Quality Gates and receive project-labeled messages in your GitHub mono repository.
Sonar supports authentication delegation - if you're logged into your GitHub account, you're all set!
Native Git data support so issues are automatically assigned and tracked.
Optionally configure your CI chain to automatically analyze pull requests and branches.
With its tight coupling to GitHub, Sonar analyzes your projects and provides code health metrics at the right time and in the right place.
With non-disruptive code quality analysis, your project’s Quality Gate status is clearly decorated right in GitHub Checks along with code coverage and duplication metrics. Live updating keeps everyone on the same page.
If you’ve adopted GitHub Actions, Sonar nicely integrates there with autodetection of branches and PRs. Of course, you can also integrate with Jenkins, CircleCI, TravisCI or any other CI.
You’ve got fresh code to analyze so we make it easy to get started. An onboarding wizard guides you in adding all your projects and setting up autodetection of branches and PRs.