Can the source be analyzed directly from GitHub?

Hi guys! Info about my issue:
SonarQube: Community Edition, Version 8.9 (build 43852)

What I’m trying to achieve: make SonarQube analyze my source code directly from a git repository hosted on GitHub, without having to run the build and scanner on a separate machine

What I have already tried:
I’ve connected my SonarQube to GitHub and tried to create a new project using this integration. It even detected my repository from GitHub, but as soon as I wanted to create the project, it asked me to compile the code and run the analyzer of this compiled code.
In that case, what sense does it make to add this GitHub integration? Anyway I need to configure my scanner (for .NET in my case) on a separate machine where the code is already pulled from GitHub, build the solution using MSBuild and run .NET scanner on it, so the results can be sent to SonarQube server. Am I missing something or is this GitHub integration useless here?

Isn’t it possible to configure SonarQube to just analyze the sources directly from GitHub, e.g. on every commit? I don’t want my compiled DLLs to be analyzed, just to perform static analysis of the source code from GitHub. Is that possible or do I completely misunderstand something? :slight_smile:

Hey @Dawid_Sibinski ! Welcome to our community!
You are right, you have to compile the code yourself to analyse it with SonarQube for now.
The purpose of this “GitHub Integration” is to ease your configuration path: it synchronizes your main branch name (to retrieve it on SQ side) and automates the PR decoration configuration. Unfortunately I see you are on the Community Edition so this feature is not available on this edition (it starts with the Developer Edition).
Finally, it may help you in the future if we release an “automatic scan” feature, compiling your code automatically. But this is the future… stay tuned :wink:

I hope I answered your question.
Kind regards,
Christophe

Thanks for answering Christophe :slight_smile:
It’s all clear now. However, I guess it would be nice to put that explicitly in the documentation, as it was totally unclear to me. I didn’t understand why the GitHub integration exists if I need to fetch my newest code from GH and build it completely independently.

@Dawid_Sibinski I take the point regarding the documentation, thanks for sharing :slight_smile:
FYI, SonarCloud is currently working on bringing automatic analysis for .NET projects. You can put a vote and find more info about the status on our public portal Automatic analysis for .NET - SonarCloud | Product Roadmap

Kind regards,
Christophe
