Hi everyone,
We are new to SonarCloud (team) and are exploring the best possible ways of utilizing it. Some details of our projects include:
ALM used (Bitbucket Cloud)
CI system used (AWS CodeBuild/CodePipeline)
Scanner command used on buildspec.yml [npm package]
Languages of the repository - JS/TS [Python for next project]
We have imported all the repos from Bitbucket to SonarCloud. Each repo has a main branch and multiple feature branches, and we want to achieve the following things:
Pull request analysis and decoration
Bitbucket Branch decoration
Scan multiple repos at once if possible
Current challenges we are facing:
Can’t automatically assign issues to the users though they have the same emails [Disable the SCM sensor is turned off]
Need suggestions for multi-repo scanning
Also, if a user is involved in multiple repos, is the issue assigned for the individual repo?
As we are building a Docker image in the build process, how can we assign the issues to the users?
I’m not sure I understand what you’re asking. Issues should be assigned to the last person to edit the line, regardless of repo.
This is a different topic, and we try to keep it to one topic per thread. Otherwise it can get messy, fast. Please create new threads for each question not related to issue assignment.
We are using AWS Pipeline to clone source code from BitBucket with OAuth. We are using full metadata clone option too.
Later, when I searched for a .git file inside the CodeBuild environment, there was no .git file, and I guess SonarCloud needs the .git file to assign issues automatically.
Also, after running sonar-scanner locally, the SonarCloud UI is populated with issues auto-assigned to the respective developers.
So, can you please suggest an appropriate way to do it in a CI/CD pipeline? Do I need to run git clone instead of OAuth?
I am talking about ways of cloning source code in AWS CodePipeline. We can either connect our AWS account with Bitbucket using OAuth (which downloads a zip file of source code) or we can use git clone <repo_name> which clones a .git file too.
Can you recommend the best possible way to integrate SonarCloud with AWS CodePipeline?
Yeah, definitely don’t do that. Downloading a zip file doesn’t get you the SCM metadata analysis needs. You need to be cloning the repo and then checking out the branch.
Thanks for the screenshot. What you’re seeing is the best you can hope for with 1) the SCM sensor disabled and/or 2) no SCM metadata available in the workspace.
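A preflight check for the build stage, run before the scanner, that fails fast when the workspace lacks the SCM metadata discussed above. This is an added example, not part of the original thread and not SonarCloud tooling; the function name `check_scm_metadata` is hypothetical, and the shallow-clone check goes beyond the thread, on the assumption that blame needs full history.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the CI workspace is a real
# git checkout with blame data before running the scanner.
# Returns 0 when SCM metadata is usable, a distinct non-zero code otherwise.
check_scm_metadata() {
    dir="${1:-.}"

    # 1. A source zip (the OAuth download described above) has no repository.
    if ! git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo "preflight: no git repository in $dir (zip download?)" >&2
        return 1
    fi

    # 2. Assumption: a shallow clone truncates history, so blame would credit
    #    older lines to the boundary commit instead of their real author.
    shallow="$(git -C "$dir" rev-parse --is-shallow-repository 2>/dev/null)"
    if [ "$shallow" = "true" ]; then
        echo "preflight: shallow clone in $dir, history is truncated" >&2
        return 2
    fi

    # 3. Pick the first non-empty tracked text file and confirm that blame
    #    resolves an author e-mail for it.
    file="$(git -C "$dir" grep -Il -e . 2>/dev/null | head -n 1)"
    if [ -z "$file" ]; then
        echo "preflight: no tracked text files in $dir" >&2
        return 3
    fi
    if ! git -C "$dir" blame --line-porcelain -- "$file" 2>/dev/null \
            | grep -q '^author-mail '; then
        echo "preflight: git blame returned no author for $file" >&2
        return 4
    fi

    return 0
}

# Typical use in a build command, ahead of the scanner invocation:
#   check_scm_metadata "$CODEBUILD_SRC_DIR" || exit 1
```

The author e-mail that blame reports is the value to compare with the account e-mail when issues still arrive unassigned.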