Whoa. SonarCloud just turned into a spam machine with no warning!
Please, please disable bot comments on PRs. There is no good reason to duplicate information already available as a status check. These comments are only ever valuable if a quality gate fails, and even then they’re resulting in a disastrous amount of noise in our org.
If this cannot be fixed either by feature flag or reverting, we will be forced to abandon SonarCloud to resolve the deluge of spam.
I too would like to stop getting spammed. I am now receiving twice as many notifications from GitHub, since for some reason the bot creates a new comment every time a commit is pushed (instead of editing the original comment like other bots do).
Just here to second Matthieu Foucault’s comment. It is a brilliant product because it happens in the background and then spams if there is something truly wrong with the code being checked in. Spamming PRs is not a solution worth the product’s time. Maybe a report export feature for those customers with CISOs that need info?
Just to clarify, the purpose of the summary comment is obviously not to spam users. It initially comes from feedback that information available in the Check tab can be very easily missed / forgotten, especially when the quality gate is green (and when the team wants to go the extra mile of fixing the few remaining code smells or cover the few remaining lines of code).
I wanted to link this topic to another one and get your feeling on this. Many users want the inline comments back - which we removed at some point because they were “polluting” the Conversation tab a lot:
What’s your take on this? I guess that if the one summary comment already generates too much noise, you’d get mad with 1 inline comment per issue, right?
More generally, are you happy with having the information available in the Checks tab only? (which can go unnoticed) Are you confident that your team benefits from all the value of the service with this solution?
While one inline comment per issue would be better than the current situation–one inline comment per–I’d be much happier without any inline comment. Isn’t the whole point of having configurable quality gates to empower teams to implement their own definition of severity? Either the hook is passing and we can merge or it isn’t.
If we could implement a toggle to turn off bot comments on PRs, that would be an ideal resolution.
The dashboard & Check tab are hugely valuable for our corporate information security officers. Our developers do occasionally review them, but decidedly not on every commit.
Thanks for getting back to us.
Would it be possible for the bot to not post a new comment if there are no new bugs, vulnerabilities, or code smells introduced by a pull request? We are working on a project which used SonarCloud since the beginning, which means that our quality gate is quite strict, and every single comment from the bot so far was:
Kudos, SonarCloud Quality Gate passed!
Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells
No Coverage information
0.3% Duplication
This is getting so annoying I am about ready to disconnect SonarCloud from our GitHub. We look for presence of comments to see if the reviews on PRs have started. Now we have random comments from you. Please stop doing it. Horrible feature. No other automatic checking product does it in this way. There are many automatic gates like code coverage and CI. They all have a special place in GitHub. It’s not comments. Very frustrating.
+1. We share the same frustration as the other people here. I have checked this thread several days now for a fix, because it is indeed becoming very bothersome. Our team has a dedicated Slack channel where GitHub posts new PRs, comments, reviews and deployment statuses. This channel is now filled with comments from the SonarCloud bot mostly saying Quality Gate Passed… The comment is nice if the quality check actually fails.
Actually I think we’d a feature on GitHub to enable/disable only bot notifications and comment, or even “per issuer choice of notification”.
I think the fact that it is a comment is not really the problem in this case, no?
@Fabrice_Bellingard as far as our organization is concerned, we are getting a lot of value out of SonarCloud with only the Checks tab.
We could get more value out of it if we could set the comments to only occur if one or more issues or smells are detected, but in its current state the notification has become almost pure white-noise.
Thinking on this a little more, one inline comment per issue might be better than the current summary comment simply because it wouldn’t go off if there was nothing to action on. (And you can decide if you need more coverage or not based on the quality gate passing or failing.)
This is becoming a pain point for my team as well. We’d love a toggle or something to disable these messages - they just generate useless notifications and clutter in discussion threads, especially when people push to PR branches frequently. The thread ends up with multiple status updates from this service when we only need to see the latest status that’s already present with the rest of the CI checks at the bottom of the thread.
Same here. Either a toggle to disable it entirely, or at least make it so it only comments when failing to pass the gate - as it is, most of the comments are uselessly pointing out that everything is a-OK. Since we run the analysis on every build, we easily get 3-4 comments on every PR.
I signed up for this forum to ask about this exact issue. Our situation is that we have three different projects in the same repository (with separate analysis run on every single commit). This leads to 3x comments in the PR conversation every time someone pushes a commit.
I’d love to be able to keep scanning without having three (or even one, really) comments pop up in the PR every time someone makes a commit. Really, just the “SonarCloud Code Analysis” in the existing “Checks” menu is all we want: