{"id":47630627,"url":"https://github.com/rufer7/github-sonarcloud-integration","last_synced_at":"2026-04-01T23:25:08.225Z","repository":{"id":235003349,"uuid":"789892479","full_name":"rufer7/github-sonarcloud-integration","owner":"rufer7","description":"Scan and analyze GitHub repository with SonarQube Cloud","archived":false,"fork":false,"pushed_at":"2025-11-05T08:06:37.000Z","size":194,"stargazers_count":9,"open_issues_count":1,"forks_count":3,"subscribers_count":1,"default_branch":"develop","last_synced_at":"2025-11-05T10:06:49.672Z","etag":null,"topics":["github","sonarcloud","sonarqube-cloud"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rufer7.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-04-21T20:41:16.000Z","updated_at":"2025-11-05T08:06:40.000Z","dependencies_parsed_at":"2025-08-31T09:10:37.462Z","dependency_job_id":"afb5b1d7-ec94-46d0-bd7d-2d8495fc3061","html_url":"https://github.com/rufer7/github-sonarcloud-integration","commit_stats":null,"previous_names":["rufer7/github-sonarcloud-integration"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/rufer7/github-sonarcloud-integration","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rufer7%2Fgithub-sonarcloud-integration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rufer7%2Fgithub-sonarcloud-integration/tags","releases_url"
:"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rufer7%2Fgithub-sonarcloud-integration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rufer7%2Fgithub-sonarcloud-integration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rufer7","download_url":"https://codeload.github.com/rufer7/github-sonarcloud-integration/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rufer7%2Fgithub-sonarcloud-integration/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292894,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","sonarcloud","sonarqube-cloud"],"created_at":"2026-04-01T23:25:07.604Z","updated_at":"2026-04-01T23:25:08.218Z","avatar_url":"https://github.com/rufer7.png","language":"C#","readme":"# github-sonarcloud-integration\n\n[![Quality Gate 
Status](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=alert_status)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=bugs)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=code_smells)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=coverage)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n[![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=duplicated_lines_density)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=ncloc)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=reliability_rating)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=security_rating)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=sqale_index)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n[![Maintainability 
Rating](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=sqale_rating)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=rufer7_github-sonarcloud-integration\u0026metric=vulnerabilities)](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n\nScan and analyze GitHub repository with SonarQube Cloud\n\n\u003e [!NOTE]\n\u003e `SonarCloud` was renamed to `SonarQube Cloud`\n\n## Setup\n\n### Automatic Analysis\n\n\u003e [!IMPORTANT]\n\u003e With Automatic Analysis for .NET, certain rules for .NET source code are automatically deactivated. This includes security rules, all rules that come from outside the Sonar Way quality profile, as well as certain rules from within it.\n\n\u003e [!NOTE]\n\u003e Automatic analysis is only supported for GitHub repositories. If you are using a different version control system, you will need to use a different method to analyze your code.\n\n1. Follow the docs under [SonarQube Cloud - Getting Started with GitHub](https://docs.sonarsource.com/sonarqube-cloud/getting-started/github/) to set up `SonarQube Cloud` with `GitHub`\n   1. Sign up at [SonarQube Cloud](https://www.sonarsource.com/products/sonarcloud/)\n   1. Click `Import another organization`\n   1. Select your personal GitHub account or the organization that contains the repository you want to scan\n   1. When reaching the `Create your SonarQube Cloud organization` page, adjust/update data and click `Create organization`\n   1. On the `Analyze projects` page, select the repository you want to scan and click `Set Up`\n   1. On the `Set up project for Clean as You Code` page, select the desired code definition and click `Create project`\n1. 
After completing the setup, the repository will be scanned automatically and you will see the results on the `SonarQube Cloud` dashboard\n\n### CI-based analysis\n\n\u003e [!IMPORTANT]\n\u003e Assumption: Automatic analysis is already set up for the repository\n\nTo set up CI-based analysis with GitHub Actions ...\n\n- ... either follow the instructions (guided wizard) under https://sonarcloud.io/project/analysis_method?id=SONAR_CLOUD_PROJECT_ID\n- ... or use the official [sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action)\n\n\u003e [!TIP]\n\u003e For an example usage of `sonarqube-scan-action`, see [here](https://github.com/rufer7/aspnetcore-scan-testing/blob/main/.github/workflows/sonarqube-cloud.yml)\n\n#### Include languages other than C#\n\nTo include other file types, e.g. Terraform files, in the analysis of SonarScanner for .NET, the following adjustments are required.\n\n1. Extend the `dotnet-sonarscanner begin` command with the project base dir argument `/d:sonar.projectBaseDir=\"D:\\a\\GITHUB_PROJECT_NAME\\GITHUB_PROJECT_NAME\"` where `GITHUB_PROJECT_NAME` is the name of the GitHub project\n1. 
Include the corresponding source files/folders in the `csproj` file of one of the projects\n\n   ```xml\n   \u003cItemGroup\u003e\n      \u003c!-- This is required to include terraform files in SonarQube Cloud analysis --\u003e\n      \u003cContent Include=\"..\\..\\deploy\\**\\*.tf\" Visible=\"false\"\u003e\n         \u003cCopyToOutputDirectory\u003eNever\u003c/CopyToOutputDirectory\u003e\n      \u003c/Content\u003e\n   \u003c/ItemGroup\u003e\n   ```\n\n   For more details see [here](https://docs.sonarsource.com/sonarqube/9.8/analyzing-source-code/scanners/sonarscanner-for-dotnet/#advanced-topics)\n\n#### Include .NET test coverage\n\nTo include .NET test coverage in the analysis of SonarScanner for .NET, the following adjustments are required in the GitHub Actions workflow (see `.github\\workflows\\quality.yml`).\n\n```yaml\n# Install dotnet-coverage\n- name: Install dotnet-coverage\n  shell: pwsh\n  run: |\n    dotnet tool install --global dotnet-coverage\n- name: Build and analyze\n  env:\n    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any\n    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}\n  shell: pwsh\n  run: |\n    $ErrorActionPreference = \"Stop\"\n    $PSNativeCommandUseErrorActionPreference = $true\n    # Add /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml\n    ${{ runner.temp }}\\scanner\\dotnet-sonarscanner begin /k:\"rufer7_github-sonarcloud-integration\" /o:\"rufer7\" /d:sonar.token=\"$env:SONAR_TOKEN\" /d:sonar.host.url=\"https://sonarcloud.io\" /d:sonar.projectBaseDir=\"D:\\a\\github-sonarcloud-integration\\github-sonarcloud-integration\" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.terraform.provider.azure.version=3.100.0\n    dotnet build .\\src\\ArbitrarySolution.sln --configuration Release\n    # Execute tests and collect coverage\n    dotnet-coverage collect 'dotnet test .\\src\\ArbitraryProject.Tests\\ArbitraryProject.Tests.csproj' -f xml -o 'coverage.xml'\n    ${{ runner.temp 
}}\\scanner\\dotnet-sonarscanner end /d:sonar.token=\"$env:SONAR_TOKEN\"\n```\n\n## Scan Results\n\n### SonarQube Cloud\n\nThe scan results can be viewed on the [`SonarQube Cloud` dashboard](https://sonarcloud.io/summary/overall?id=rufer7_github-sonarcloud-integration)\n\n### GitHub\n\n\u003e [!IMPORTANT]\n\u003e The new SonarQube Cloud plans `Free` and `Team` do not support `GitHub Advanced Security integration` anymore - only `Enterprise` plan does\n\u003e\n\u003e For more details, see [here](https://www.sonarsource.com/plans-and-pricing/sonarcloud/)\n\nSecurity hotspots detected by SonarQube Cloud can be viewed directly on the [GitHub repository under `Security` tab in the `Code scanning` section](https://github.com/rufer7/github-sonarcloud-integration/security/code-scanning)\n\n**Example**\n\n![Code scanning alert](./assets/code-scanning-alert.png)\n\n### Pull Request (GitHub)\n\nPull request analysis results can be found directly on the pull requests.\n\nFor an example, see [here](https://github.com/rufer7/github-sonarcloud-integration/pull/5)\n\n## Useful Links\n\n- [SonarQube Cloud - Getting Started with GitHub](https://docs.sonarsource.com/sonarqube-cloud/getting-started/github/)\n- [Pull request analysis](https://docs.sonarsource.com/sonarqube-cloud/improving/pull-request-analysis/#existing-pull-requests-on-first-automatic-analysis)\n- [.NET test coverage](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/test-coverage/dotnet-test-coverage)\n- [Github action should fail on authentication error](https://community.sonarsource.com/t/github-action-should-fail-on-authentication-error/147720)\n- [Analysis of product projects vs. 
test projects](https://github.com/SonarSource/sonar-scanner-msbuild/wiki/Analysis-of-product-projects-vs.-test-projects)\n- [Parameters not settable in the UI](https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/analysis-parameters/parameters-not-settable-in-ui)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frufer7%2Fgithub-sonarcloud-integration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frufer7%2Fgithub-sonarcloud-integration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frufer7%2Fgithub-sonarcloud-integration/lists"}