Github PR decoration - image links broken

SonarQube version: / Developer Edition / Running in GKE
Deployment is not publicly available, internal network only
Single ALM - (not enterprise)

Bug Description:
The Github PR analysis results written to conversation and checks tabs in Github have broken image links. The image origin is https://< which is not available to the Github image proxy service (camo).

Steps to reproduce:
Run sonar-scanner locally with PR settings:

  • sonar.pullrequest.key=15
  • sonar.pullrequest.branch=charlie
  • sonar.pullrequest.base=master


Images should load as shown from SonarQube documentation:
Side by side2

1 Like

I’m having the same problem with the same version.

Hi, just to be extra sure: your SonarQube instance is not publicly accessible, right?

@pierreguillot Correct, not public. This issue would only present itself when the SonarQube instance is not public.

Related bug report from 7.9 version:

Ok, so here is the relevant ticket that will address this : SONAR-13106.

The workaround, before this ticket gets implemented, would be to allow the GitHub proxy server to access your SQ instance, to fetch the images.


Hi, we also use Developer edition and our Sonarqube instance is not public accessible. What is this Github proxy? Is something out of the box that we configure or you are suggesting some proxy rules in our ingress infrastructure?

Could it be fixed by using the base64 image code instead refferring to the file itself?

<img src="data:image/jpeg;base64,/9j/4RiDRXhpZgAATU0AKgA..." width="100" height="50" alt="base64 test">

Hi, we’re getting exactly the same issue following updating our test Enterprise edition instance to 8.4.1.

It’s incredibly frustrating as everything works fine on our 7.9 LTS instance. I raised Images in PR Decoration - SonarQube 7.7 and GitHub Enterprise Cloud over a year ago and it was specifically fixed in 7.9 so surely this is a regression?

I can see in 7.9 that images are being sourced from (which is publicly accessible), whereas in 8.4.1 they have reverted back our SonarQube instance’s URL (which is not publicly accessible). Why the change back???