I hope you’re all doing well. I am currently facing an issue with SonarCloud integration on GCP Cloud Build. Despite running scans using the sonarsource/sonarcloud-scan:2.0.0 Docker image, I am unable to see the issues introduced by a Pull Request (PR) on SonarCloud.
Here is the command I’m using after running the scanner with -Dsonar.branch.name=$BRANCH_NAME -Dsonar.branch.target=$TARGET_BRANCH on a previous step:
First things first, you can’t use both sonar.branch.* and sonar.pullrequest.* parameters during an analysis. Let’s start there by removing sonar.branch.*.
What exactly is this? As far as I’m aware, sonarsource/sonarcloud-scan:2.0.0 is a bitbucket pipe – are you using Bitbucket Pipelines (maybe a self-hosted runner on GCP?)
Currently, I’m in the process of conducting scans on GCP Cloud Build with a Bitbucket repository. My project is unbound because I’m creating it through a Terraform provider that calls the SonarCloud Web API.
I opted for this particular docker image as it closely aligns with the sample image utilized in the bitbucket-pipelines.yml example. Do you have any suggestions for an alternative approach, or do you think this choice is suitable for my setup?
I really don’t reccomend any setup that leaves you with unbound projects – important features like Pull Request Decoration won’t work, meaning you’ll only get results in the SonarCloud UI.
If you aren’t using Bitbucket Pipelines at all, I would suggest using the sonarsource/sonar-scanner-cli. I’m realizing that I can only find for using this Docker image in the SonarQube docs (I’ll raise a point with our docs team)