We’re planning on an on-premise installation of Sonar and look to leverage the Quality Gate features for GitHub PRs. Does anyone know the minimum public footprint required? I imagine the OAuth2 callback URL and maybe some webhook endpoints?
Colin, at the very least the GitHub OAuth2 callback has to be called to obtain access tokens, correct? I appreciate it. Getting this answer is critical for approval of Sonar within our company.
SonarQube needs access to interact with GitHub.com (and we don’t document exactly which GitHub.com endpoints). It’s one-way communication, and what SonarQube can access is controlled by permissions on the GitHub app.
GitHub.com does not need to communicate with SonarQube except for returning data when SonarQube calls its APIs.