We are using Sonarqube Server Developer Edition v2025.1. We are using GitHub Copilot, and would like to use Autodetect AI-Generated Code. However, our code is kept in Gitlab, and I can’t achieve any success. Is this only working if we have our code also in GitHub? Are there otherwise any pitfalls I have to avoid?
Hey there @Udo_Pape-Kampmeier!
There are a few things you’ll need to keep in mind when trying out this feature:
-
It does not matter if your code is stored in GitHub or not – however you will have to have a GitHub app configured in your global Administration > DevOps Platform Integration -
As noted in the docs, you’ll need to make sure you’ve granted permissions to the GitHub application you use for GitHub integration.
A Project Admin must enable access from your GitHub App. The autodetection feature will not function without giving SonarQube Server access to GitHub Copilot Business.
-
This feature only works if you’re using GitHub Copilot Business,. Any individual licenses will not count.
-
Copilot usage can take up to 24 hours to be reflected in GitHub’s API, which SonarQube will query once a day. If you want, you can query the
user_ai_tool_usagestable of your SonarQube database to see if any data has been synced. -
With access to your GitHub App, SonarQube Server can evaluate users’ GitHub Copilot usage and code contribution patterns to identify potential AI-generated code. If there is a match in user data, SonarQube Server will display the *AI code detected status on the project’s Overview and Project Information pages.
-
This will only be checked on analyzed project branches, not on pull requests.
Hey again @Udo_Pape-Kampmeier
It turns out I was wrong. You do need to have a project-level DevOps Platform Integration configured, and that integration must be with a GitHub repo.
I’m not sure why this is a requirement, and I’ll follow-up on that!
Hey Colin,
Thanks, good to know. Means we can stop trying, and will wait for an update of Sonarqube supporting our setup.
Kind Regards,
Udo
Hello Udo,
Currently this feature requires that your code is hosted in GitHub. This implementation allows us to verify that the Copilot usage is on specific repositories.
However, I understand your requirement. We will look into this.
Hi all,
Thanks for the feedback. Indeed, in an early implementation we wanted to use this project-level integration, but in the end it was dropped and we don’t actually need it anymore.
I’ve created a ticket to remove this requirement. You can see it here.
1 Like