GitHub action triggers sonarcloud completes, but scan results in sonarcloud aren't reported in GitHub

Hi all,

I’ve implemented a simple GitHub Action (following all the default configurations) to scan a repo on PR and merge.

The scanning completes, and I see results appearing in the sonarcloud console. In the console it is reporting 10 bugs, 2 vulnerabilities, 18 Security hotspots, 62 code smells on the master branch.

In the GitHub pull request it is reporting scan results: 0 Bugs, 0 Vulnerabilities, 0 Security Hotspots, 0 Code Smells.

When I browse the links on the issues in GitHub, they are pointing to the PR
https://sonarcloud.io/project/issues?id=michaelshire_vulnado&pullRequest=2&resolved=false&types=CODE_SMELL
That link does resolve, and shows the same information, zero across the board.

Is it the fact that it is finding zero NEW issues? Is there a way I can configure it so that the report in the PR in GitHub reports the CURRENT issues instead?

Thanks!
Mike

Hi @michaelshire, welcome to the community.

I think the behavior is normal here; the new code seems to be too little to be detected. You may need to change some Java file (if this is the targeted language), and browse the “Code” tab on SonarCloud to be able to detect new issues if they make sense (here on your PR, adding a new word will not trigger new rules).

HTH,
Mickaël