SonarQube Community to GitHub Security Tab (SARIF)
Version updated for https://github.com/vmvarela/sonarqube-ce-sarif-action to version v1.0.1.
Action Type
This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
This GitHub Action enables seamless integration of SonarQube Community Edition (CE) analysis results into GitHub by converting SonarQube issues into the SARIF format, which is compatible with GitHub’s security and code scanning features. It automates the process of fetching issues from the SonarQube REST API, creating GitHub Check Runs with annotations, and optionally posting pull request comments, while filtering results to relevant files in PRs. This action addresses the limitation of SonarQube CE by making its results accessible directly within GitHub, where developers collaborate and review code.
Release notes
What’s Changed
New Features
- feat: add SonarQube dashboard links by @vmvarela in https://github.com/vmvarela/sonarqube-ce-sarif-action/pull/17
Full Changelog: https://github.com/vmvarela/sonarqube-ce-sarif-action/compare/v1...v1.0.1