Here is my scenario, my findings starting with ‘***’
We have our code in BitBucket cloud. All of our builds are done in Azure DevOps.
We want to be able to launch Sonar when we do a pull request.
*** I believe in Azure we can set the build to launch when a PR is created. ***
Only new code should be analyzed – set the New Code Period to start on whenever we enable the analysis.
*** I believe that this function is in both ***
However, we don’t want the build to be blocked. The initial stage is just to start gathering metrics so we can start setting code quality baselines.
I am unsure about this one. Also, I am not sure which one we need.
The best way to achieve this is to use our SonarScanner for Azure DevOps
Then setup a Pull Request Validation inside the build you want to trigger : https://sonarcloud.io/documentation/analysis/scan/sonarscanner-for-azure-devops/#branch-and-pull-request-analysis (see Using pull request validation trigger (for GitHub and Bitbucket Cloud))
Initially, we have to scan the whole source code base, then set the Period start date going forward to analyze the code from the pull request?
Yes, to init a project, you will need to scan the entire base code on the default branch of your repo (which is, on SonarCloud’s side, master, but it can be changed).
Once that is done, you can analyze branches and PRs, the “new code period” is set to 30 days by default, up to you to modify it if you want.