Question 1

How to set up SonarCloud with GitHub Actions for a TypeScript project?

Accepted Answer

First, create a SonarQube Cloud account and project, then add a `sonar-project.properties` file with your organization and project key. In your GitHub workflow, use this action with the SONAR_TOKEN secret and specify args for TypeScript-specific settings, such as coverage paths, as shown in the README examples.

Question 2

SonarCloud GitHub Action vs SonarQube self-hosted for CI/CD?

Accepted Answer

This action is tailored for SonarQube Cloud, a SaaS solution that simplifies setup but locks you into their platform. Self-hosted SonarQube offers more control over data and infrastructure but requires manual configuration and maintenance, making it better for organizations with strict compliance needs.

Question 3

Is the SonarCloud GitHub Action still safe to use?

Accepted Answer

The README warns it's deprecated and will be removed, so while it might work temporarily, it's not recommended for new projects. You should migrate to the recommended `sonarqube-scan-action` to ensure ongoing support and updates.

Question 4

What languages does SonarCloud support for static analysis?

Accepted Answer

SonarCloud supports over 30 languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and many more, as detailed in the README and linked documentation. It also covers frameworks and IaC platforms for broad coverage.

Question 5

How to fix SONAR_TOKEN authentication errors in GitHub Actions?

Accepted Answer

Ensure the SONAR_TOKEN is correctly stored as a repository or organization secret in GitHub and referenced in the workflow env section. Double-check token permissions and that it matches your SonarQube Cloud organization, as per the README's security guidelines.

Question 6

Can I use SonarCloud with self-hosted GitHub runners and no internet?

Accepted Answer

Yes, the action allows overriding the scanner binaries URL via `scannerBinariesUrl` to point to internal mirrors, enabling use in air-gapped environments. This is documented in the README under self-hosted runner compatibility.

Scan code with SonarCloud

What is Scan code with SonarCloud?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions