GET api/project_pull_requests/list response does not contain commit sha

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    • SonarQube - Version 8.4.1 (build 35646)
  • what are you trying to achieve
    • Get the commit sha of a pull request analysis to make sure the current analysis it related to the latest update to the pull request and not an older version
  • what have you tried so far to achieve this
    • Hit /api/project_pull_requests/list?project={key}
    • The Sonar Cloud Docs show that the response contains the commit sha for the pull request analysis, however this is not available on SonarQube.
    • Is this a feature that is coming to SonarQube or will it only be available on SonarCloud?
    • Is there something we can do to get the commit sha of a pull request analysis given I have the project key and the pull request key?

Hello Shawn,

Could you further explain your use-case and how you plan to use this information?
Would you need the info only for pull requests?


Hi Chris,

We have an application that gates pull requests based on the result of the pull request scan.

This application uses the SonarQube API is check if the pull request scan passed the quality gate. However, this application has no way to verify that the scan it got back was done against the latest content of the pull request. This means we cannot make the pull request wait if new content it pushed; as far as it knows the latest scan was good.

If we has access the the SHA the sonar scan scanned we could confirm that the pull request merge matches the scanned SHA, block the pull request if it does not, and say “waiting for new pull request scan”.

In our case I am looking for it on pull request scans but I imagine it could be useful information on branch scans as well.

Thanks for you response,