How to Enable SonarCloud for Your Project

Olga Strijewski - Jul 6 - Dev Community

Introduction

In this guide, we will walk through setting up SonarCloud for a GitHub project to automatically inspect code for bugs and vulnerabilities. This will help ensure code quality and security in your project.

Initial Setup of SonarCloud

I already have a project on GitHub, and I would like to enable SonarCloud on it to automatically inspect the code for bugs and vulnerabilities. Here is my project:

To enable SonarCloud, let's first open the following URL: http://sonarcloud.io, which will redirect to https://www.sonarsource.com/products/sonarcloud/. Then click on the "SIGN UP" button:

Sign up with GitHub:

This will redirect you to GitHub, where you will enter your username and password:

...and then give SonarCloud certain permissions:

SonarCloud will ask you to configure your GitHub organization:

Once you click on "Import an organization," it will ask you if you want to import all the repositories of that organization or only the selected ones. I will only import one repository:

After clicking the "Install" button, it will ask a few more questions:

Then choose the free plan - you can do that as long as your repository is a public repository:

The next step is analyzing your projects. At this point, there is only one organization available - the one you just created. You can select the project to analyze from your GitHub projects that you agreed to import earlier, and then click the "Set Up" button:

There are a few more settings about how you want your project analyzed: select whether to analyze once a new version appears or once a certain number of days has passed. I chose the first option and then clicked on "Create project":

That's all SonarCloud needed to start analyzing the code. Now it brings you to the dashboard, and you need to wait for it to finish its first analysis:

Analysis Result

Voilà! The first analysis of my project is done. It found one issue (it is a little sample project):

We can click on that issue to see the details:

...and we can drill down even more once we click on the issue description, including the code snippets:

Now you've connected your project to SonarCloud! For most languages, it will run automatic analysis, so every time anything changes, your results will be up to date.

Conclusion

With SonarCloud set up, you can now enjoy automatic code quality checks for your GitHub projects. This helps keep your code secure by flagging bugs and vulnerabilities as they appear. As the next step, you can configure Sonar as an automatic workflow in GitHub or other systems to maintain high code quality.
