Getting Started With GitHub
If your code is on GitHub, go to sonarcloud.io and click.
You will be taken to the GitHub login page. Sign in using your GitHub credentials.
Welcome to SonarCloud
Once you have successfully logged in, you will see the SonarCloud welcome screen. Click on Import projects from GitHub.
Set up your organization
Connect your GitHub organization with SonarCloud
When prompted, install the Sonarcloud application on GitHub. This step allows SonarCloud to access your GitHub organization or personal account. You can select specific repositories to be connected to SonarCloud or just select all. You can always change this setting later.
Create your SonarCloud organization
SonarCloud is set up to mirror the way that code is organized in GitHub (and other repository providers):
- Each SonarCloud project corresponds one-to-one with a Github project, which resides in its own Git repository.
- GitHub projects are grouped into GitHub organizations or personal accounts.
- Each SonarCloud organization corresponds one-to-one with a GitHub organization or personal account.
This step will set up the SonarCloud organization that corresponds to your GitHub organization or personal account.
SonarCloud will suggest a key for your SonarCloud organization. This is a name unique across all organizations within SonarCloud. You can accept the suggestion or change it manually. The interface will prevent you from changing it to an already existing key.
Choose a plan
Next, you will be asked to choose a SonarCloud subscription plan. If all the repositories to be analyzed are public on GitHub, you can select the free plan. Your code and analysis results will be publicly accessible at sonarcloud.io.
If you want to analyze one or more private repositories, you need to select a paid plan. Even with the paid plan, you still have a 14 day free trial period. Once the 14 days have elapsed, the cost is based on the number of lines of code analyzed.
A plan is always associated one-to-one with a SonarCloud organization and therefore with a single GitHub organization. If you want to onboard multiple GitHub organizations, you must sign up for a separate plan for each.
Once you have chosen a plan and clicked Create Organization, your SonarCloud organization is created!
Set up your analysis
The next step is to import the projects (that is, individual Git repositories) that you want to analyze from your GitHub organization into your newly created SonarCloud organization, creating a corresponding SonarCloud project for each.
SonarCloud will present a list of the repositories in your GitHub organization or personal account. Select those that you want to import and analyze and click Set Up.
The selected projects will be imported.
For GitHub repositories, there are two analysis methods available: Automatic analysis and CI-based analysis below.
SonarCloud will first check your imported repository to see if it qualifies for automatic analysis. If it does, then the analysis will start automatically and the results will appear shortly. Otherwise, proceed with CI-based analysis.
With automatic analysis, SonarCloud will automatically pull your code from your repository. Scanning and analysis will be performed on SonarCloud itself. You will see a screen like this:
Once the analysis is done, SonarCloud will present the results. See Your analysis results are ready, below.
If automatic analysis is not recommended for your project, you will need to set up a CI-based analysis. This will be the case, for example, with projects that use Java, C#, C, C++, or Objective-C (as well as others).
In this scenario scanning and analysis do not occur in SonarCloud itself (as they do with automatic analysis) but rather in your build environment, as part of your build process. This means you have to configure your build process to perform the analysis on each build and communicate the results up to SonarCloud.
SonarCloud will guide you through a tutorial on how to set all this up.
The first step is to select your build environment. SonarCloud will present this page:
Your analysis results
Once it is complete, you can view the results of your first analysis.
If you log into SonarCloud using an email address that you previously used to log into another DevOps platform, you need to be aware that SonarCloud will automatically associate your email address with the new DevOps platform. For example, if you log in through Bitbucket Cloud and previously used GitHub, GitHub issues will no longer be assigned to your email address and you will stop receiving GitHub email notifications. If you then decide to switch back to GitHub, the Bitbucket email notifications will be discontinued.