What are you trying to achieve - Get the analysis results for a particular patch
Background/Scenario: We have a SonarQube instance running, which is integrated with Jenkins. So, every time a patch is pushed an analysis is triggered by the Jenkins in SonarQube and the Quality gate status is checked, and Job is marked passed or failed on the bases of quality gate status. Now, in a project there are multiple patches which are pushed at a short interval and multiple jobs and analysis are triggered by the Jenkins, but when we go to the link which is mentioned after the analysis for the result of that analysis, it takes us to the project in SonarQube instance and shows the latest or overall result.
Query: Is there any way I can find out, what were the bugs, vulnerability and issues when the particular analysis was run? if it can show the results for a particular patch?
I have the impression that what you’re looking for is Pull Request Analysis, available in the Developer Edition of SonarQube and above. Which edition are you using?
This is an open community with people volunteering their free time to provide assistance. We’re eager to contribute to the community, but you are not guaranteed a fast response.
@Colin we are using developer edition of SonarQube, is there any way to achieve this without setting up the pull requests also, just doing the analysis only for the files changed and have a log of analysis and when we click on that particular entry in the log and get the analysis result only for those changes?
@Colin Because what I understand is that pull request decoration will work only if your code is hosted, such as GitHub, but for us it is not hosted on GitHub or any other platform, it lies on a local server, do you have any idea how to do that if code is on a local server?
Pull Request Decoration can happen during Pull Request Analysis, but it is not required. You can still acehive the analysis of a PR without the decoration (and just see the changes related to the code in your PR.
Where is Jenkins pulling your code from when it runs the build? A locally hosted git server? Are you using a Pull Request process (storing your changes in a separate branch pushed to the Git server)?
@Colin Jenkins is pulling the code from locally hosted git server, yes, we use pull request process, also sometimes developers are making changes on the original branches without creating their own branch, both ways they are doing.
It sounds like configuring branch or pull request analysis is the best way to achieve what you’re trying to do. This does not require being integrated with a platform like GitHub, etc.
Hi @Colin , I am trying to set up a Pull request analysis in the environment as mentioned in the beginning of this thread, when I go to Sonar gui project pull request page , it shows pull request as null to null, and also its not showing the issues which are there on the pull request branch.
below are the logs
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 1 source file to be analyzed
INFO: SCM Publisher 1/1 source file have been analyzed (done) | time=69ms
INFO: CPD Executor Calculating CPD for 1 file
INFO: CPD Executor CPD calculation finished (done) | time=7ms
INFO: SCM writing changed lines
WARN: Could not find ref ‘null’ in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin
INFO: SCM writing changed lines (done) | time=2ms
INFO: Analysis report generated in 50ms, dir size=198.5 kB
INFO: Analysis report compressed in 11ms, zip size=26.4 kB
INFO: Analysis report uploaded in 61ms
INFO: ANALYSIS SUCCESSFUL, you can find the results
I think WARN: Could not find ref ‘null’ in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin this warning is the issue, any idea on how can I resolve this?
It sounds like the values aren’t resolving well for sonar.pullrequest.branch and ** sonar.pullrequest.base. How are you configuring them? Are you referencing some other value that might be empty?