OK. I get it. Well unfortunately if you analyze both a PR and the branch corresponding to that PR and you review the hotspot on the PR only, then the same hotspot is not marked as reviewed on the branch.
And indeed the reason behind this is that we believe that the pipeline should either analyze PRs (preferably, if PRs are used by developers) or feature branches (if PRs are not used) but not both.
I understand that selecting branches or PR (exclusively) in jenkins may not be that easy (since you still have to analyze main branches (master, develop, maintenance & release branches)). I see 2 different options:
- You leave your pipeline as is and developers should simply ignore the (feature) branches analyzed in SonarQube. These branches are continuously deleted as they are merged and no longer analyzed, so you, at all time, should only have a small number of these branches visible from the SonarQube branch menu.
- Either you have good branch naming conventions and your pipeline should check the branch name to determine if the branch should be (built and) analyzed or not
This option is obviously better because it makes it clearer in SonarQube AND it saves processing on your CI (no build of the feature branches, only PRs).
And indeed it requires to create a PR almost as soon as the branch is created so that the code of the branch is analysed as early as possible in the development of that branch