Help Needed: SonarCloud Integration Issue with GCP Cloud Build

Hello community,

I hope you’re all doing well. I am currently facing an issue with SonarCloud integration on GCP Cloud Build. Despite running scans using the sonarsource/sonarcloud-scan:2.0.0 Docker image, I am unable to see the issues introduced by a Pull Request (PR) on SonarCloud.

Here is the command I’m using after running the scanner with$BRANCH_NAME$TARGET_BRANCH on a previous step:

sonar-scanner -Dsonar.organization=my-org -Dsonar.projectKey=my-project-key -Dsonar.sources=. -Dsonar.pullrequest.branch=$BRANCH_NAME -Dsonar.pullrequest.base=$BASE_BRANCH -Dsonar.pullrequest.key=$PR_KEY

Even though the issues are present, they are not reflected in the scan results.

Any guidance or suggestions on how to troubleshoot and resolve this issue would be greatly appreciated.

Thank you in advance for your assistance!

Hey there.

First things first, you can’t use both sonar.branch.* and sonar.pullrequest.* parameters during an analysis. Let’s start there by removing sonar.branch.*.

What exactly is this? As far as I’m aware, sonarsource/sonarcloud-scan:2.0.0 is a bitbucket pipe – are you using Bitbucket Pipelines (maybe a self-hosted runner on GCP?)

Hello Colin,

I appreciate your prompt response.

Currently, I’m in the process of conducting scans on GCP Cloud Build with a Bitbucket repository. My project is unbound because I’m creating it through a Terraform provider that calls the SonarCloud Web API.

I opted for this particular docker image as it closely aligns with the sample image utilized in the bitbucket-pipelines.yml example. Do you have any suggestions for an alternative approach, or do you think this choice is suitable for my setup?

I really don’t reccomend any setup that leaves you with unbound projects – important features like Pull Request Decoration won’t work, meaning you’ll only get results in the SonarCloud UI.

If you aren’t using Bitbucket Pipelines at all, I would suggest using the sonarsource/sonar-scanner-cli. I’m realizing that I can only find for using this Docker image in the SonarQube docs (I’ll raise a point with our docs team)