I’ve implemented a simple GitHub Action (following all the default configurations) to scan a repo on PR and merge.
The scanning completes, and I see results appearing in the sonarcloud console. In the console it is reporting 10 bugs, 2 vulnerabilities, 18 Security hotspots, 62 code smells on the master branch.
In the GitHub pull request it is reporting scan results: 0 Bugs, 0 Vulnerabilities, 0 Security Hotspots, 0 Code Smells.
When I browse the links on the issues in GitHub, they are pointing to the PR
That link does resolve, and shows the same information, zero across the board.
Is it the fact that it is finding zero NEW issues? Is there a way I can configure it so that the report in the PR in GitHub reports the CURRENT issues instead?
Template for a good new topic, formatted with Markdown:
- ALM used (GitHub, Bitbucket Cloud, Azure DevOps)
- CI system used (Bitbucket Cloud, Azure DevOps, Travis CI, Circle CI
- Scanner command used when applicable (private details masked)
- Languages of the repository
- Only if the SonarCloud project is public, the URL
- And if you need help with pull request decoration, then the URL to the PR too
- Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
- Steps to reproduce
- Potential workaround