GitLab merge request integration

I want to integrate SonarQube v8.1 Developer Edition with GitLab Self-Managed v12.4 so that merge requests are automatically annotated with SonarQube issues.

I’ve followed the Decorating Pull Requests guide for GitLab and have configured:

  • A personal access token scoped for api
  • GitLab under the Administration / Pull Request Decoration menu

Pull request analysis reports appear in SonarQube when a merge request analysis job is run in by the CI/CD pipeline, but no issues ever appear in GitLab.

I must be missing some configuration. Any ideas on what step I might be missing? One thing that didn’t make sense is how SonarQube knows the URL of the GitLab server and the GitLab project name? Does this come from the Maven pom?

Any help greatly appreciated.

Hi @devops_guru,

Which CI tool do you use?
Currently, only gitlab CI is supported
See this thread:

You can follow this MMF as well: https://jira.sonarsource.com/browse/MMF-1901
Stay tuned :slight_smile:

Carine

Hello @Carine_Lacombe,

From which Sonarqube version this feature would be available ?
I’m currently using :

  • Community Edition
  • Version 7.9.3 (build 33349)

Thank you in advance for your support.

Hi @Axel,
what are looking for ? Gitlab integration or Gitlab MR decoration?
Both are available starting 8.0 and 8.1 and to get the MR decoration, you need the branch analysis --> you’ll need to upgrade to the Developer Edition at least (commercial edition).

You can give a try here, and reach out to our Sales team for next steps.

PS1: we are currently running version 8.4 of SonarQube, you’ll enjoy these two features in this one
PS2: to be aware and follow the updates and new features, I recommend you to follow this page: https://www.sonarqube.org/whats-new/

HTH, Carine

Hi @Carine_Lacombe ,

I’m looking for Gitlab MR integration. I’m currently using Jenkins for continous integration and would like to analyse every Merge Request coming from Gitlab with Sonarqube.
My goal is to “block” merging the code in the “Master branch” if the Sonarqube “Quality gate” is not passed.

Best regards,
Axel

You need to download and install at least the Developer Edition, in 8.4.1 version of SonarQube (the latest version).
You’ll find more info on how to block the merge of MR when QG fails: How to block the merge of Merge Requests when SonarQube Quality Gate is failed, with GitLab

Have a nice day,
Carine