By SonarSource – GNU LGPL 3 – Issue Tracker – Sources – Supported by SonarSource
More versions

GitHub 1.4.2 – Nov 08, 2017 – SonarQube 6.7+ (Compatible with LTS)
Fix GitHub commit ID overflow
Download – Release notes

Description

The GitHub Plugin serves only one purpose: analyse GitHub pull requests without pushing results to SonarQube. Any issues that are found are published as comments on the pull request.

The plugin performs the following operations:

Add an inline comment for each issue
Add a global comment that gives a summary of the analysis
[Optionally since v1.3] Update the status of the analysis: if no blocker no critical issues were found, the check is green - otherwise it is red to raise attention

Requirements

SonarQube

SonarQube Server must be up and running. If that's not the case, see Setup and Upgrade.
The SonarQube GitHub plugin is installed on SonarQube Server.

GitHub

You have a dedicated technical GitHub user which will be used to insert comments when there are issues and update the status of the pull request.
- To insert comments, you just need to generate a token (for that user) that has only the "public_repo" scope (or "repo" for private repositories)

- The update of the pull request is optional (since version 1.3): the technical user must have commit rights on the target repository to be able to update the status of the Pull Request. Otherwise, then a warning will be logged.

Usage

Checkout the branch of the pull request you want to analyse and run a SonarQube preview analysis with following parameters:

Key	Description	Default value
DEPRECATED FROM SQ 6.6 `sonar.analysis.mode`	Set to `preview`
sonar.github.oauth	Personal access token generated in GitHub for the technical user
`sonar.github.repository`	Identification of the repository. Format is: <organisation/repo>. Exemple: SonarSource/sonarqube	Extracted from property `sonar.links.scm_dev`
`sonar.github.pullRequest`	Pull request number

Optional parameters:

Key	Description	Default value
sonar.github.endpoint	URL to access GitHub WS API. Default value is fine for public GitHub. It is needed for GitHub enterprise.	`https://api.github.com`
sonar.github.disableInlineComments	If set to `true` issues will not be reported as inline comments but only in the global summary comment	`false`

Example

Example with SonarQube Scanner

sonar-scanner -Dsonar.analysis.mode=preview \
              -Dsonar.github.pullRequest=$PULL_REQUEST_ID \
              -Dsonar.github.repository=myOrganisation/myProject \
              -Dsonar.github.oauth=$GITHUB_ACCESS_TOKEN \
              -Dsonar.host.url=https://server/sonarqube \
              -Dsonar.login=$SONARQUBE_ACCESS_TOKEN

Have Question or Feedback?

To provide feedback (request a feature, report a bug etc.) use the SonarQube Google Group. Please do not forget to specify plugin and SonarQube versions if it relates to a bug. If you have a question on how to use plugin direct it to StackOverflow tagged with both sonarqube and github.