By SonarSource – GNU LGPL 3 – Issue Tracker – Sources – Supported by SonarSource
GitHub 1.4.2 – Nov 08, 2017 – SonarQube 5.6+ (Compatible with LTS)
Fix GitHub commit ID overflow


The GitHub Plugin serves only one purpose: analyse GitHub pull requests without pushing results to SonarQube. Any issues that are found are published as comments on the pull request.

The plugin performs the following operations:

  1. Add an inline comment for each issue
  2. Add a global comment that gives a summary of the analysis
  3. [Optionally since v1.3] Update the status of the analysis: if no blocker or critical issues were found, the check is green; otherwise it is red to raise attention



  • SonarQube Server must be up and running. If that's not the case, see Setup and Upgrade.
  • The SonarQube GitHub plugin is installed on SonarQube Server. 


  • You have a dedicated technical GitHub user which will be used to insert comments when there are issues and update the status of the pull request.
    • To insert comments, you just need to generate a token (for that user) that has only the "public_repo" scope (or "repo" for private repositories)

    • The update of the pull request status is optional (since version 1.3): the technical user must have commit rights on the target repository to be able to update the status of the pull request. Otherwise, a warning will be logged.
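
An added example (not part of the plugin or its documentation) that checks the technical user's token against the scope requirement above before it is handed to CI. The function names, exit codes and sample headers are constructed for illustration; it assumes a classic token whose scopes GitHub returns in the X-OAuth-Scopes response header.

```shell
#!/bin/sh
# Added example: least-privilege check for the technical user's token.
# Capture headers from an authenticated API call, for instance:
#   curl -s -D - -o /dev/null -H "Authorization: token $GITHUB_ACCESS_TOKEN" https://api.github.com/user

# Constructed sample headers (not real responses).
SAMPLE_MINIMAL='HTTP/2 200
content-type: application/json
x-oauth-scopes: public_repo'
SAMPLE_BROAD='HTTP/1.1 200 OK
X-OAuth-Scopes: repo, admin:org, delete_repo'

# token_scopes: read response headers on stdin, print one scope per line.
token_scopes() {
    tr -d '\r' | awk '{
        i = index($0, ":"); if (i == 0) next
        if (tolower(substr($0, 1, i - 1)) != "x-oauth-scopes") next
        n = split(substr($0, i + 1), s, ",")
        for (j = 1; j <= n; j++) { gsub(/^ +| +$/, "", s[j]); if (s[j] != "") print s[j] }
    }'
}

# audit_scopes <public|private>: read response headers on stdin.
# Returns 0 = only the needed scope, 1 = needed scope missing,
#         2 = usable but extra scopes granted, 64 = bad usage.
audit_scopes() {
    case "$1" in
        public)  needed=public_repo ;;
        private) needed=repo ;;
        *) echo "usage: audit_scopes public|private" >&2; return 64 ;;
    esac
    sufficient=no; extra=""
    for s in $(token_scopes); do
        case "$s" in
            "$needed") sufficient=yes ;;
            repo)      sufficient=yes; extra="$extra $s" ;;  # superset of public_repo
            *)         extra="$extra $s" ;;
        esac
    done
    if [ "$sufficient" = no ]; then
        echo "FAIL: token lacks the '$needed' scope" >&2; return 1
    fi
    if [ -n "$extra" ]; then
        echo "WARN: token grants more than '$needed':$extra" >&2; return 2
    fi
    echo "OK: token is limited to '$needed'"
}
```

A non-zero return can be used to fail the CI job before the token is passed to the scanner.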


Check out the branch of the pull request you want to analyse and run a SonarQube preview analysis with the following parameters:

| Parameter | Description | Default value |
|---|---|---|
| sonar.analysis.mode | Set to preview | |
| sonar.github.oauth | Personal access token generated in GitHub for the technical user | |
| sonar.github.repository | Identification of the repository. Format is: <organisation/repo>. Example: SonarSource/sonarqube | Extracted from property sonar.links.scm_dev |
| sonar.github.pullRequest | Pull request number | |

Optional parameters:

| Description | Default value |
|---|---|
| URL to access GitHub WS API. Default value is fine for public GitHub. It is needed for GitHub Enterprise. | |
| If set to true, issues will not be reported as inline comments but only in the global summary comment | false |


Example with SonarQube Scanner
sonar-scanner -Dsonar.analysis.mode=preview \
              -Dsonar.github.pullRequest=$PULL_REQUEST_ID \
              -Dsonar.github.repository=myOrganisation/myProject \
              -Dsonar.github.oauth=$GITHUB_ACCESS_TOKEN

Real-life Example

SonarSource is using this plugin to analyse every pull request that SonarSource developers create when working on a feature / improvement / bug fix.

For instance, you can take a look at the GitHub repository of the SonarQube project itself:

Have a Question or Feedback?

To provide feedback (request a feature, report a bug, etc.), use the SonarQube Google Group. Please do not forget to specify the plugin and SonarQube versions if it relates to a bug. If you have a question on how to use the plugin, direct it to StackOverflow, tagged with both sonarqube and github.

