PR Analysis - False Positive Scan?

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Sonarqube - Enterprise Edition - Version 9.4 (build 54424)

  • what are you trying to achieve
    I want my PR Analysis to fail when new code smells or bugs appear.

  • what have you tried so far to achieve this
    I have been attempting to run PR analysis in my front-end application project. Unfortunately, it doesn’t work when I introduce new code smells into my application to test this behaviour.

When I run the project in my PR pipeline stage in GoCD, it sets the following variables in my sonar-project.properties file:

sonar.pullrequest.key=<id>
sonar.pullrequest.branch=<branch>
sonar.pullrequest.base=main

When I run the project manually and I git checkout the , it fails, as follows:

git checkout <branch>

docker run \
--rm \
-e SONAR_HOST_URL=<URL> \
-e SONAR_LOGIN=<SONAR_TOKEN> \
-v "$(pwd):/usr/src" \
sonarsource/sonar-scanner-cli

If I don’t manually check out the , it seems to be constantly running against the main branch instead, always being successful at the end, which is not the behaviour I am expecting.

Is the sonar-scanner-cli, either in docker, maven or any other version, supposed to check out the PR branch to be analysed or do we have to do it manually?

Hi,

Welcome to the community!

You need to make sure your CI is checking out the PR’s underlying branch and then feeding the PR values into analysis. We can only analyze the data we’re fed & the checkout-the-branch part’s a bit out of scope for this community.

HTH,
Ann
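The checkout-then-feed-the-PR-values sequence Ann describes, as an added shell example (not code from the original thread or from SonarSource) that also guards against the failure mode in the question, where the scanner quietly analyses main while the PR keys say otherwise. PR_KEY, PR_BRANCH, PR_BASE, SONAR_HOST_URL and SONAR_TOKEN are assumed names for variables the GoCD stage exports.

```shell
#!/usr/bin/env sh
# Added example, not code from the original thread or from SonarSource.
# Assumed: the GoCD stage exports PR_KEY, PR_BRANCH, PR_BASE, SONAR_HOST_URL
# and SONAR_TOKEN (hypothetical names) and then calls run_pr_analysis.

# Fetch and check out the PR's underlying branch by name: a detached-HEAD
# checkout makes 'git rev-parse --abbrev-ref HEAD' print "HEAD" and would
# trip the guard in run_pr_analysis.
checkout_pr_branch() {
  git fetch origin "$1" && git checkout -B "$1" "origin/$1"
}

# True when the branch actually checked out ($1) is the branch that will be
# reported as sonar.pullrequest.branch ($2). No git calls, so it is testable.
branch_matches() {
  [ -n "$2" ] && [ "$1" = "$2" ]
}

# Rewrite the sonar.pullrequest.* keys in a properties file, dropping stale
# values from an earlier run so the scan cannot inherit them.
write_pr_properties() {
  pr_file="$1"; pr_tmp="$1.tmp"
  if [ -f "$pr_file" ]; then
    grep -v '^sonar\.pullrequest\.' "$pr_file" > "$pr_tmp" || true  # grep exits 1 when nothing is left
  else
    : > "$pr_tmp"
  fi
  printf 'sonar.pullrequest.key=%s\nsonar.pullrequest.branch=%s\nsonar.pullrequest.base=%s\n' \
    "$2" "$3" "$4" >> "$pr_tmp"
  mv "$pr_tmp" "$pr_file"
}

# PR stage: check out, verify, write properties, scan. Refuses to run the
# scanner if HEAD is not the PR branch, which is exactly the silent
# "always green because it scanned main" outcome described in the thread.
run_pr_analysis() {
  checkout_pr_branch "$PR_BRANCH"
  head_branch=$(git rev-parse --abbrev-ref HEAD)
  if ! branch_matches "$head_branch" "$PR_BRANCH"; then
    echo "refusing to scan: HEAD is '$head_branch', PR branch is '$PR_BRANCH'" >&2
    return 1
  fi
  write_pr_properties sonar-project.properties "$PR_KEY" "$PR_BRANCH" "$PR_BASE"
  docker run --rm \
    -e SONAR_HOST_URL="$SONAR_HOST_URL" \
    -e SONAR_LOGIN="$SONAR_TOKEN" \
    -v "$(pwd):/usr/src" \
    sonarsource/sonar-scanner-cli
}
```

Run it from the PR stage with the variables set; the guard makes a wrong checkout fail the stage loudly instead of reporting a clean scan of the base branch.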

That makes total sense, it seems we have been using it incorrectly all this time.

Best regards,

Filipe
