JavaScript mono repo Bitbucket PR decoration failing with commit SHA issue

We are using Sonarqube 8.9 Enterprise Edition and getting the following error when trying to use PR decoration for a JS mono repo.

Failed to create Bitbucket Server Quality Report for commit SHA '1938275bffcfbb1c7568ac8d4a0dfeba49374873'

Note that PR decoration works correctly in other JS projects that are not mono repos.

Our mono repo structure is as follows

  • root
    • packages
      - package1
      - package2
      - etc

And each package is a separate Sonarqube project and runs its own scan during builds. And each is configured to use PR decoration as part of a mono repo under General Settings > Pull Request Decoration, with the slug matching the project root above.

I’ve tried both including and excluding the sonar.projectBaseDir




And many other property combinations, both locally and from Jenkins. Sonar analyzes the code correctly but still the same commit SHA error occurs preventing the PR decoration. Are there any file examples with a similar mono repo setup? Or any other configuration settings that could need changed?


Are you doing a local merge commit? What the error is telling you is that the local commit SHA doesn’t match anything on the server. So it sounds like there has been a commit after you pulled down the PR code.


For Jenkins, the hash in the Sonar error, matches the latest commit on the PR. I’d have to look into it more to know when the build pipeline is creating commits though.

I was also trying to run the PR scan locally and I’m getting the same.

git rev-parse sonar-testing

which matches the hash of the last commit on the PR.

and also matches the error in Sonar after the scan.

Failed to create Bitbucket Server Quality Report for commit SHA 'd144bcb941bae6be01361d9965e624e4511c2538'

There is a 400 error on the Sonar webhook when I get this error message. But as I mentioned, I’m not getting the error on non mono repos so I wouldn’t think it is an issue with the integration.


Thanks for the followup. I’ve flagged this thread for more expert attention.


I am able to get PR decoration if I run the sonar scan for every package from the project root directory, instead of from the package directory. Is this the only way JavaScript mono repos are supported?

Hey @robertcvent,

Is the text you’ve shared here coming from a warning displayed on SonarQube?

Could you check if you have any further information in the logs when the PR decoration is triggered?