Minimum publicly addressable endpoints for GitHub integration

Hello All!

We’re planning on an on-premise installation of Sonar and look to leverage the Quality Gate features for GitHub PRs. Does anyone know the minimum public footprint required? I imagine the OAuth2 callback URL and maybe some webhook endpoints?

Thanks in advance!
-Nick Baker

Hi,

Welcome to the community!

By public, I guess you mean exposed on the internet? I guess because you’re using GH.com, not GH Enterprise?

 
Ann

That’s correct. Public GitHub.

Thanks,
Nick

Hey @Nick_Baker!

GitHub never actually communicates with SonarQube APIs. Only the other way around.

Colin, at the very least the GitHub OAuth2 callback has to be called to obtain access tokens, correct?

See: https://docs.sonarqube.org/latest/analysis/pr-decoration/

Colin, at the very least the GitHub OAuth2 callback has to be called to obtain access tokens, correct? I appreciate it. Getting this answer is critical for approval of Sonar within our company.

Hey Nick,

SonarQube needs access to interact with GitHub.com (and we don’t document exactly which GitHub.com endpoints). It’s one-way communication, and what SonarQube can access is controlled by permissions on the GitHub app.

GitHub.com does not need to communicate with SonarQube except for returning data when SonarQube calls its APIs.