Please forget the “preview” mode, this was a hacky way to get raw issues, and only raw issues. With the preview mode, you did not get coverage, duplication, the tracking of issue state over time, issue assignment to the relevant developers, the possibility to quality an issue, the ability to drill down into issue multiple locations, and most importantly the quality gate defined for your project.
GitLab currently only wants to ingest our raw data. It might not bother the few of you who care only about raw issues, but it does bother us because it breaks the overall user experience that we’ve designed for our users and the value proposition that we bring to them. GitHub, Microsoft (with Azure DevOps) and Atlassian (with Bitbucket Cloud) allow us to bring this value to the development teams. Currently, GitLab does not.
Good or bad, but I cannot understand the current conception of SQ team. Even I had discussions with SQ rep or googling information in the internet. Current position of SQ is unclear. Do you want to brake CI ability? If not please explain how I can get results of changed code verification? Lets suppose I do not believe to developer and want to verify what he/she changed in the code. How is it stable and issues-free after the change? And the project he is working on is not 2 but 20000 LOC (at least). Without preview mode I need to spend long time to get results. What I want to say - SQ has been a great tool before, fully compatible with CI/CD, now it is not. I tried to get integration with CI even in commercial versions, but it is not possible anyway.
Do you mean the integration that is in Developer (commercial) edition you mentioned somewhere? Just because community plugin looks stops working in the latest SQ 7 as I red above. And I support Julien’s idea about video explaining how to configure and use such integration (in community edition ??)
We (in our company) were tired of waiting for a feature from SQ (with sonarqube gitlab plugin) that will raise a red flag when code coverage on new or changed code is below 80% that we spent some fraction of our time implementing own utility that takes java, jgit, jacoco and formula from docs of SQ to calculate coverage. Wrapped it up into docker image and just plugged beside SQ preview job in Gitlab CI. Now we have branch analysis from Developer Edition and broken builds with insufficient coverage.
And now we are kind of stuck with SQ 7.6 Developer Edition where we want to have branch analysis with Gitlab integration plugin, but we cannot upgrade to 7.7 to replace that own tool.
I can’t comment what goes behind close doors but this:
“Nothing moved since my last message, and to be honest I don’t expect things to move in the near future given the “one-single-product-for-everything” strategy that GitLab follows. Basically, they don’t want integrations with tools/services which can lead their users to move out of the GitLab user experience”
seems to me to be a lot of… horse shite…
I suspect Microsoft’s GitHub acquisition to which was referred as “good partnership and a privileged relationship with the solution providers (Microsoft, Atlassian and GitHub)” carrying leverage?
Gitlab integrates with Snyk service and guess what, you can check the status of snyk service during Merge Request for example (Pass or Fail). In the case of a Fail you will be notified with the most relevant and critical information (at your fingertips). If you need to view their detailed report you you can open it on their website: snyk.io.
So either you won’t integrate, you haven’t got time or you can’t integrate, which is which.
just wanted to update this thread since we had a discussion with GitLab about what we can do on this topic.
We (SonarSource) will start an effort to integrate SonarCloud with GitLab.com. Like we always do, we are going to go baby steps and see where this leads. We expect GitLab guys to help and support us along the way. We already know there will be some challenges at some point, but we hope and believe that by that time, we’ll know each other’s world better to find the best solutions to those concerns.
Hello @Fabrice_Bellingard ~ In our need of integrating SonarQube with Gitlab, I ended up reading all the threads here on SonarSource community and gitlab.com. Just wanted to touch base here and ask if there are any updates you could share with us?
Hey there, we started looking at it during the summer, and we will start the first developments in the upcoming weeks. Note that as usual, we’ll progress step by step, so it will take a couple of minor SonarQube versions to have something which works for the main use cases.
I am currently evaluating the dev edition and trying it with gitlab. Authentication worked on second try, but that is the only integration for now. No MR decorator in sight, and that is something we were really looking for.
Hi, we are working on it at this very moment. You can watch https://jira.sonarsource.com/browse/MMF-1840 for updates. MR decoration may be available in SQ 8.1 next week if ready on time, or will be available on SQ 8.2 in two month.