Friday, February 20, 2026

How to Integrate SonarQube Cloud with GitHub Actions | GitHub Actions SonarQube Cloud Integration | Automate Static Code Quality Analysis with SonarQube Cloud from GitHub Action

 Automate Static Code Quality Analysis in SonarQube Cloud from GitHub Actions:



Pre-requisites in SonarCloud:




Choose your SCM tool. We will use GitHub, so click on it.
Enter your GitHub credentials to set up your account in SonarCloud. Click Authorize SonarQube Cloud.


Go to SonarCloud → My Account → Organizations → Create/Select organization

Choose “Import from GitHub” (or connect GitHub) and Install the SonarCloud GitHub App

Start analyzing a project:

Select Project and Click on Setup:


Check any one of the options to confirm what is new code:

Select with other CI tools





Select Maven, note organization key, project key and token.

Pre-requisites in GitHub Actions:

    After setting up SonarCloud successfully, log in to GitHub Actions.
    Create two secrets, SONAR_TOKEN and SONAR_HOST_URL.
    The Sonar URL should be https://sonarcloud.io/

    GitHub Actions CI/CD workflow code for running a scan in SonarCloud:

    name: Implement static code analysis for a Java App using SonarQube from GitHub Actions
    on:
      push:
        branches:
          - main
      workflow_dispatch:
    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
          - name: checkout code
            uses: actions/checkout@v3
          - name: Set up JDK
            uses: actions/setup-java@v3
            with:
              distribution: 'adopt'
              java-version: '11'
          - name: Build with Maven
            run: mvn clean install -f MyWebApp/pom.xml
          - name: Run SonarQube Scan
            # @master is a mutable branch ref; pin to a release tag or a full commit SHA
            uses: sonarsource/sonarqube-scan-action@master
            with:
              projectBaseDir: .
              args: >
                -Dsonar.organization=akannan1087
                -Dsonar.projectKey=akannan1087_my-javawebapp-repo
                -Dsonar.java.binaries=**/target/classes
            env:
              # Both values come from the repository secrets created above
              SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
              SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

    Now log in to SonarCloud and go to https://sonarcloud.io/projects
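
A check that can be run over the workflow above before merging, as an added example that is not part of the original post: it flags `uses:` references that are not pinned to a full commit SHA (such as `@master` and `@v3`) and Sonar tokens written inline instead of read from `secrets`. The function name `audit_workflow`, the rule names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: steps from the workflow above, plus one hypothetical
# line that hardcodes a token instead of reading it from a secret.
SAMPLE_WORKFLOW = """\
steps:
- name: checkout code
  uses: actions/checkout@v3
- name: Run SonarQube Scan
  uses: sonarsource/sonarqube-scan-action@master
  with:
    args: >
      -Dsonar.organization=akannan1087
      -Dsonar.token=CONSTRUCTED_NOT_A_REAL_TOKEN
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
"""

# "uses: owner/repo@ref", optionally preceded by the list dash
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s@#]+)@([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# sonar.token / sonar.login / SONAR_TOKEN followed by its assigned value
TOKEN_RE = re.compile(r"(sonar\.(?:token|login)\s*=|SONAR_TOKEN\s*:)\s*(\S+)", re.I)


def audit_workflow(text):
    """Return (line_no, rule, detail) findings for a workflow file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = USES_RE.match(line)
        if m and not m.group(1).startswith("./"):  # local actions have no ref
            action, ref = m.groups()
            if not FULL_SHA_RE.match(ref):
                findings.append((no, "mutable-ref", f"{action}@{ref}"))
        t = TOKEN_RE.search(line)
        # A value is acceptable only when it is a ${{ ... }} expression
        if t and not t.group(2).startswith("${{"):
            findings.append((no, "inline-token", t.group(1).rstrip(" =:")))
    return findings


if __name__ == "__main__":
    for no, rule, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {no}: {rule}: {detail}")
```
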



    How to Integrate SonarQube Cloud with Jenkins | Jenkins SonarQube Cloud Integration | Automate Static Code Quality Analysis with SonarQube Cloud from Jenkins

    Automate Static Code Quality Analysis with SonarCloud from Jenkins



    Pre-requisites in SonarCloud:




    Choose your SCM tool. We will use GitHub, so click on it.
    Enter your GitHub credentials to set up your account in SonarCloud. Click Authorize SonarQube Cloud.


    Go to SonarCloud → My Account → Organizations → Create/Select organization

    Choose “Import from GitHub” (or connect GitHub) and Install the SonarCloud GitHub App

    Start analyzing a project:

    Select Project and Click on Setup:


    Check any one of the options to confirm what is new code:

    Select with other CI tools

    Select Maven, note organization key, project key and token.


    Pre-requisites in Jenkins:
    • SonarQube plug-in - make sure this plug-in is installed.
    • Pipeline Stage View plug-in

      After setting up SonarCloud successfully, log in to Jenkins. Go to Manage Jenkins --> Configure System --> SonarQube installation.

      The server URL should be https://sonarcloud.io/
      Enter the Sonar token as secret text and select it from the drop-down.


      Jenkins Pipeline code for running a scan in SonarCloud:

      node {
          def mvnHome = tool 'Maven3'

          stage('checkout') {
              git branch: 'main', credentialsId: '', url: 'https://github.com/akannan1087/my-javawebapp-repo'
          }

          stage('build') {
              sh "${mvnHome}/bin/mvn clean install -f MyWebApp/pom.xml"
          }

          stage('Code Quality scan') {
              // 'SonarCloud' must match the SonarQube installation name configured in Jenkins
              withSonarQubeEnv('SonarCloud') {
                  sh """
                      ${mvnHome}/bin/mvn -f MyWebApp/pom.xml \
                      org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121:sonar \
                      -Dsonar.organization=org_key \
                      -Dsonar.projectKey=com.dept.app:MyWebApp \
                      -Dsonar.projectName=MyWebApp
                  """
              }
          }
      }

      Now log in to SonarCloud and go to https://sonarcloud.io/projects


      Here is the pipeline view:
