Security | Vulnerability Scans and Assessment

How to Scan Your Code by Integrating SonarCloud into Your GitHub Repository


SonarCloud is a static code analysis tool you can use to discover code smells, bugs and security vulnerabilities within your code. GitHub can be used as your code repository and where you can commit new code changes. In this guide, I will be showing you how to Scan your Code by Integrating SonarCloud into Your GitHub Repository. Here you will be able to Push your code to GitHub using GitHub Desktop and using SonarCloud to scan the code for code smell, bugs or vulnerabilities. You may further read about How to use GitHub as Source Provider for AWS CodePipeline, How to use Command-Line on Git Bash and GitHub Desktop to PUSH local code to GitHub, and How to Deploy Code from GitHub to Azure App Service from the Command-line, and How to integrate AWS CodeBuild and AWS CodeCommit to SonarCloud.

Follow these steps to integrate SonarCloud into Github Repository

1: Download GitHub Desktop from here.


2. After installing GitHub Desktop login and launch the app.


3. Add your GitHub Repository to the GitHub Desktop. Select repository and Clone.


Clone the Repository

4. You can click either, GitHub Enterprise or URL, But in this guide, I will be selecting the URL and click on Clone.


The image below shows the GitHub Repo Cloning.

5. After the Cloning is completed, you will see the below page where you carry out your request to a remote or local environment. 

This is where you handle your Pull Request and Push Request.


Please see how to Integrate Pleasant Password Server with Active Directory, how to clone a repository and install software from GitHub on Windows, and How to Integrate SonarCloud with Azure DevOps Pipeline.

Access GitHub from SonarCloud

6. After your code is pushed to GitHub then browse the SonarCloud Website and select GitHub from the list.


7. Login and Authorize SonarCloud.


8. Immediately after you logged in successfully, you will see the SonarCloud welcome screen.

Click on the + icon and select Analyze your first projects > Import an organization from GitHub. But if you already created an organization then you will only need to Analyze new project just like the image below.


9. Select the Organization and the repository you want to analyze and click the Set Up button.


10. The selected projects will be imported and analyzed. There are two analysis methods available: Automatic analysis and CI-based analysis. SonarCloud will automatically analyze your code by reading it from the GitHub repository you have stated without the need for you to configure a CI-based analysis.


11. Once the analysis is done, you will see the page refreshed with all the analysis results displayed for your review.


I hope you found this blog post on how to Scan your Code by Integrating SonarCloud into Your GitHub Repository Interesting and helpful. In case you have any questions do not hesitate to ask in the comment section

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x