SonarQube Community to GitHub Security Tab (SARIF)
Version updated for https://github.com/vmvarela/sonarqube-ce-sarif-action to v0.3.0.
- This action is used across all versions by ? repositories.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
This GitHub Action integrates SonarQube Community Edition with GitHub by converting SonarQube scan results into SARIF format and uploading them to the GitHub Security Tab. It automates PR feedback through inline annotations, check summaries, and issue tracking in GitHub’s Security Tab, addressing the lack of native integration in SonarQube CE. Key capabilities include PR decoration, smart issue filtering, and optional quality gate enforcement based on issue severity.
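To illustrate the conversion step the summary describes, here is a minimal SonarQube-to-SARIF converter with the severity-threshold filtering the summary mentions. This is example code added here, not the action's own implementation; the issue field names (key, rule, severity, component, line, message, textRange) are assumed from SonarQube's /api/issues/search response, and the sample input is constructed.

```python
# Constructed sample in the shape of a SonarQube /api/issues/search response
# (assumption about field names; not output captured from the action).
SONAR_ISSUES = {"issues": [
    {"key": "AX-1", "rule": "python:S5247", "severity": "CRITICAL",
     "component": "my-proj:src/app.py", "line": 42,
     "message": "Make sure autoescaping is enabled.",
     "textRange": {"startLine": 42, "endLine": 42, "startOffset": 4, "endOffset": 30}},
    {"key": "AX-2", "rule": "python:S1481", "severity": "MINOR",
     "component": "my-proj:src/util.py", "line": 7,
     "message": "Remove the unused local variable 'tmp'."},
]}
SEVERITY_ORDER = ["INFO", "MINOR", "MAJOR", "CRITICAL", "BLOCKER"]
# Five SonarQube severities collapsed onto the three SARIF levels.
SEVERITY_TO_LEVEL = {"INFO": "note", "MINOR": "note", "MAJOR": "warning",
                     "CRITICAL": "error", "BLOCKER": "error"}

def component_to_path(component):
    """'project-key:relative/path' -> 'relative/path' (code scanning wants repo-relative URIs)."""
    return component.split(":", 1)[1] if ":" in component else component

def issue_to_region(issue):
    # SonarQube offsets are 0-based, SARIF columns are 1-based; fall back to the line alone.
    tr = issue.get("textRange")
    if not tr:
        return {"startLine": issue["line"]}
    return {"startLine": tr["startLine"], "startColumn": tr["startOffset"] + 1,
            "endLine": tr["endLine"], "endColumn": tr["endOffset"] + 1}

def to_sarif(sonar_response, min_severity="INFO"):
    """Return a SARIF 2.1.0 log containing issues at or above min_severity."""
    threshold = SEVERITY_ORDER.index(min_severity)
    rules, results = {}, []
    for issue in sonar_response["issues"]:
        if SEVERITY_ORDER.index(issue["severity"]) < threshold:
            continue
        rules.setdefault(issue["rule"], {"id": issue["rule"]})
        results.append({
            "ruleId": issue["rule"],
            "level": SEVERITY_TO_LEVEL[issue["severity"]],
            "message": {"text": issue["message"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": component_to_path(issue["component"])},
                "region": issue_to_region(issue)}}],
            # Stable key so GitHub can track the same finding across uploads.
            "partialFingerprints": {"sonarIssueKey": issue["key"]},
        })
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": "SonarQube Community Edition",
                                          "rules": list(rules.values())}},
                      "results": results}]}
```

Serialise `to_sarif(SONAR_ISSUES, "MAJOR")` with `json.dumps` and the result is what a code-scanning upload step would consume; the MINOR issue is dropped by the threshold.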
Release notes
What’s Changed
Documentation
- docs: add RFC-001 technical design document by @vmvarela in https://github.com/vmvarela/sonarqube-ce-sarif-action/pull/10
- feat: PR decoration with Check Run, annotations, comments and Security Tab integration by @vmvarela in https://github.com/vmvarela/sonarqube-ce-sarif-action/pull/11
Full Changelog: https://github.com/vmvarela/sonarqube-ce-sarif-action/compare/v0...v0.3.0