Hi Chris,
We have an application that gates pull requests based on the result of the pull request scan.
This application uses the SonarQube API is check if the pull request scan passed the quality gate. However, this application has no way to verify that the scan it got back was done against the latest content of the pull request. This means we cannot make the pull request wait if new content it pushed; as far as it knows the latest scan was good.
If we has access the the SHA the sonar scan scanned we could confirm that the pull request merge matches the scanned SHA, block the pull request if it does not, and say “waiting for new pull request scan”.
In our case I am looking for it on pull request scans but I imagine it could be useful information on branch scans as well.
Thanks for you response,
Shawn