Is there official guidance on how to scan code in GitHub merge queues?

  • ALM used GitHub
  • CI system used GitHub Actions

When SQ scans are triggered by a merge_group, it uses the main branch. If we detect and specify the branch, it runs on all code in the branch and not just changes, which may be OK. All of this leads to my question: is there a recommended way to scan code triggered by a merge group with SonarCloud?

Hi,

Welcome to the community!

merge_group is a new one on me. From my reading, it looks like several PRs are being merged at once. And you’re asking about best practices for analysis of the target branch after merge, right?

I’d say what you’ve described - analyze the target branch (presumably main) - looks right.

 
HTH,
Ann