Constant pass/fail after using auto scanning

I am a maintainer on the github project

Sonar is setup at

Our project has a set of issues that need to be fixed - currently according to the sonar way we are in red status.

It is setup for auto-scanning and I can see are having

  • scan against master of the whole code ( QualityProfile: Use ‘Sonar way’ (Java) ) - red
  • scans against each PR (QualityProfile: Use ‘Sonar way’ (HTML), QualityProfile: Use ‘Sonar way’ (CSS), QualityProfile: Use ‘Sonar way’ (JavaScript)) - green

On the activity tab the graph is constantly going between near 0 ( PRs ), and many (master) which isn’t that useful.

Have we set something up wrong?
Why do the profiles differ?
Wouldn’t I expect to see the graph just represent the full scans?

I realise it’s a beta, so if it’s the way it is that’s fine – I just wanted to check we hadn’t done anything wrong, and if so where to check.

(xref: )

Additional info

  • We also have a time scheduled sonar scan run which uses sonarcloud – So is this confusing the results?
  • Do we only do one or the other
  • If so how do we handle coverage analysis and/or uploading of pmd/spotbugs without causing the above behaviour?

Exactly! You have two analysis pushing to the same project on SonarCloud, and these analysis are configured and work very differently. The AutoScan analysis can only analyze the code of non-compiled languages, and by default it considers all your files as sources. It looks like it found HTML, CSS, and JavaScript files in your project, and it analyzed those. The other analysis you had scheduled (looks like a Maven), it configures the analysis based on your Maven configuration, and has full access to the compiled Java code, and doesn’t find the HTML, CSS, … files because they are not declared through Maven.

Yes, it’s one or the other, not both.

Currently AutoScan is not able to support importing coverage analysis reports, simply because these are usually generated during the test run, and AutoScan doesn’t run anything else other than the sonar-scanner itself. This use case is definitely on our radars.

Since we don’t expect to be able to handle Java code with AutoScan in the near future, I think it’s better for you to run the analysis yourself, using Maven.