Bitbucket PR analysis issues not showing in SonarQube UI

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension):

    • SonarQube Developer Edition (evaluation licence) Version 8.9.2 (build 46101)
    • dotnet sonarscanner for MSBuild v5.3.1
    • Bitbucket Server (i.e. on-prem, not cloud) v6.2.3
  • what are you trying to achieve

    • PR analysis in SonarQube
  • what have you tried so far to achieve this

    • Have normal analysis on “master” branch working ok and reporting in SonarQube
    • Have created a Bitbucket PR from a branch on the same repo (not from a fork).
    • PR build runs with dotnet sonarscanner. Sonar issues reported in build log. PR created in SonarQube, Bitbucket PR decorated.

Issues:

  1. Zero issues reported in SonarQube PR overview and Bitbucket PR decoration, despite several being (deliberately) in the code and their warning codes showing in build log.

  2. If the PR branches are given to dotnet sonarscanner begin as /d:sonar.pullrequest.branch=sonartest1 /d:sonar.pullrequest.base=master then there are no warnings but the SonarQube PR “Code” tab is empty. If the PR branches are given as /d:sonar.pullrequest.branch=refs/heads/sonartest1 /d:sonar.pullrequest.base=refs/heads/master then the Code tab has the correct PR code, but both the SonarQube UI and the build log have warnings that refs/heads/master can’t be found. (And again, in both cases, issues found in the build are not showing up in the SonarQube PR UI.)

Any ideas what is missing to get the found issues reporting in the SonarQube PR UI (and ofc in the corresponding Bitbucket PR decoration)?

Hi @kolossi
I’m capturing quick notes here about our offline exchanges, which may help future users using the same GoCD + pull request plugin combination.

The gocd-build-github-pull-requests plugin you are using is known to confuse SonarQube because of the way it checks out the code, as described in “Checkout + reset confuses SonarQube”.