Hi Sonar community!
I’m using Sonar Developer Edition and trying to integrate it with my GitHub Enterprise account. My end goal is to be able to see the security overview directly in the Security tab of my GitHub repos.
I have created a GitHub application in accordance with your guide GitHub integration (sonarsource.com), specifically assigning Read and Write permissions to it in the Repository permissions > Code scanning alerts section of the app settings. I can see that the application has the permissions in question here:
Likewise, the repo that I wish it to receive security alerts for is set up in accordance with this section in the guide: GitHub integration (sonarsource.com)
The end result, though, looking at the security overview of the repo in question on GitHub, is that I am missing the Code Scanning section in Vulnerability Alerts, which I would have expected to see, at least when comparing it to the screenshot in the official guide here: GitHub integration (sonarsource.com)
My question is: do I need to have code scanning alerts enabled on GitHub’s side before I can consume these alerts (even when they’re coming from Sonar, via the GitHub app)? Or should I assume there is a misconfiguration someplace?