SonarQube Cloud now supports GitHub Enterprise Cloud with data residency (GHE.com)

8 min read

Andrew Osborne photo

Andrew Osborne

Product Marketing Manager

TLDR overview
  • SonarQube Cloud now supports GitHub Enterprise Cloud with data residency (GHE.com), generally available in the EU and US regions, with the SonarQube Cloud Enterprise plan.
  • Organizations running GitHub on a dedicated subdomain like yourcompany.ghe.com can now bind it to SonarQube Cloud, analyze private and internal repositories, and decorate pull requests.
  • Bulk-import existing repositories in one click and configure auto-import so new repositories are analyzed automatically as they are created - no CI configuration required.
  • This closes a gap for regulated industries such as financial services, automotive, healthcare, and defense, where data sovereignty requirements rule out standard GitHub.com.

If your organization runs GitHub on a dedicated subdomain like yourcompany.ghe.com, you can now connect it to SonarQube Cloud. SonarQube Cloud support for GitHub Enterprise Cloud with data residency (GHE.com) is generally available today on the SonarQube Cloud Enterprise plan, in the EU and US regions.

Until now, SonarQube Cloud connected only to standard GitHub.com, so teams on a data-resident domain had no path to it. This release opens that path. You get the full analysis capabilities of SonarQube Cloud as a managed service, connected directly to your data-resident GitHub - with no analysis infrastructure to run yourself.

Why data residency matters for regulated industries

AI agents and tools like GitHub Copilot are generating code faster than teams can review it, and in regulated industries that velocity collides with strict requirements for auditability and compliance. SonarQube is the independent zero trust verification layer that holds every line to the same standard, regardless of which agent or developer wrote it, giving you the auditable record regulators expect.

GHE.com is GitHub's managed cloud offering for organizations with data residency requirements, accessed through a dedicated subdomain like yourcompany.ghe.com. Data sovereignty requirements in financial services, automotive, healthcare, and defense often rule out standard GitHub.com. For teams on GHE.com, that also meant SonarQube Cloud was out of reach - the SaaS path to Sonar analysis was not available to them.

That changes with this release. SonarQube Cloud now binds directly to your GHE.com organization, so you can analyze code where your identity management system and your data already live. Your code stays inside your residency boundary, and you get Sonar's zero trust, multilayered verification delivered as a fully managed service, the same SonarQube benefits, available wherever your team prefers to run it.

What you can do now in GitHub Enterprise Cloud

Once you bind your GHE.com organization to SonarQube Cloud, you can:

  • Analyze private and internal repositories with zero-trust, multilayered verification across quality, security, and reliability.
  • See results directly on your pull requests with PR decoration, so issues surface where developers work.
  • Bulk-import existing repositories in one click, then let auto-import ingest new repositories as they are created.
  • Run automatic analysis as repositories are ingested.

The practical impact: you onboard your entire estate fast, and every new repository gets verified from day one. No manual setup gates, no repositories slipping through unanalyzed.

How multilayered verification fits into Sonar's vision

In the agent era, verification isn't optional. AI-generated code can introduce complex, hard-to-find issues that may compound quickly in agentic workflows. Sonar offers a zero trust, multilayered verification approach, combining automated AI-native PR validation with established algorithmic verification to deliver a robust approach to ensuring high quality and secure code. 

Extending SonarQube Cloud to GHE.com brings that verification layer to the teams who need it most. Regulated enterprises no longer have to choose between data sovereignty and a managed, cloud-based approach to code analysis.  You get both, applied consistently across every repository and every agent.

Get started today

Visit this page to get started today.

Frequently asked questions

What is GHE.com, and how is it different from GitHub.com?

GHE.com is GitHub Enterprise Cloud with data residency, GitHub's managed cloud offering that keeps your data in a specific region. Organizations access it through a dedicated subdomain like yourcompany.ghe.com. It serves regulated industries where data sovereignty rules exclude standard GitHub.com.

Is GHE.com the same as GitHub Enterprise Server?

No. GHE.com is GitHub's managed cloud product with regional data residency. GitHub Enterprise Server (GHES) is the self-hosted, on-prem product you run yourself. This release supports GHE.com. 

Which regions and plans are supported?

SonarQube Cloud support for GHE.com is exclusively available under the SonarQube Cloud Enterprise plan, in the EU and US regions.

Do I need to configure CI to analyze my repositories?

No. After you bind your GHE.com organization, you can bulk-import existing repositories in one click and configure auto-import for new ones. Repositories are analyzed automatically as they are ingested, with no CI setup required.

How do I set it up?

Unlike GitHub.com, where GitHub partners list integrations in the GitHub Marketplace, GHE.com has no Marketplace. You create your own GitHub App on your GHE.com instance instead, where permissions are auto-configured. Then you create a SonarQube Cloud organization, point it at your subdomain, and import your repositories. Full setup documentation is available in the getting started guide.

Build trust into every line of code

Integrate SonarQube into your workflow and start finding vulnerabilities today.

Rating image

4.6 / 5

Unsubscribe