SonarQube to GitHub Security Tab (SARIF)
Version updated for https://github.com/vmvarela/sonarqube-sarif to version v1.0.0.
Action Type
This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
This GitHub Action integrates SonarQube analysis results with GitHub by converting issues into SARIF format for code scanning and by creating pull request annotations, check run summaries, and optional PR comments. It automates fetching, filtering, and presenting SonarQube findings directly within the GitHub interface, so developers can access code quality findings where they work. For pull requests, the action narrows feedback to changed files; for default branch scans, it uploads results to GitHub Security.