Using SonarQube Developer 8.3.1.34397; integrated with GitHub Enterprise 2.16.2; viewed using the latest Google Chrome on Windows.
I've integrated my SonarQube instance with my GitHub Enterprise server, so my pull requests are decorated (having both bot comments and a PR check). All good so far.
Problem: images on both the bot comment and the check page are broken. I believe it's due to GitHub's Content-Security-Policy, which prevents loading images from external sources such as my SonarQube server. (When I'm using extensions like this to disable CSP, the images are shown correctly…)
Any idea how to overcome this? (Can I e.g. customize the images used, e.g. to have them pointing to images located on my Enterprise GitHub server itself, so hopefully they can be served?)
BTW, having the images uploaded to the GitHub Enterprise server would definitely work…
Putting on my developer hat for a second, it might be nice for the PR decoration code to do just that on the 1st decoration of a PR of a GH instance, and always use those stored references to image locations on GH.
Well yes… it's just a suggestion for a solution from the SonarQube side.
Basically, as a human user you can drag an image to a PR comment, and it will be loaded to GH (not to your repo, but to some shared/per-user storage, e.g. as <GIT_URL>/storage/user/76/files/3029a580-a594-11ea-851d-4c875b7c7e9a).
Your PR comment will include a link to the above file. As this file sits inside your GH server, no problem with CSP!
Maybe the PR decoration code could do something similar (except the drag & drop part): upload the relevant image to GH, and then the references to images on the Sonar server can be replaced with references to those images on GH.
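
The CSP behaviour suspected in the question can be checked offline against a captured `Content-Security-Policy` header. The following is an added example, not part of the original thread and not SonarQube or GitHub code; it implements a simplified subset of CSP source matching, and the policy string, hostnames and image paths are constructed assumptions.

```javascript
// Added example: simplified img-src evaluation (source paths, redirects and
// report-only policies are ignored). All sample values below are constructed.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || '').toLowerCase();
    if (key && !(key in policy)) policy[key] = sources; // repeated directive: first wins
  }
  return policy;
}
const defaultPort = (proto) => ({ 'http:': '80', 'https:': '443' }[proto] || '');
// An http source also matches the https form of the same URL.
const schemeOk = (want, got) => want === got || (want === 'http:' && got === 'https:');

function sourceMatches(expr, url, page) {
  const e = expr.toLowerCase();
  if (e === "'self'") return url.origin === page.origin;
  if (e === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return schemeOk(e, url.protocol); // e.g. data:
  const m = e.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/);
  if (!m) return false; // 'none', nonces and hashes never match an image URL here
  const [, scheme, host, port] = m;
  if (!schemeOk(scheme ? scheme + ':' : page.protocol, url.protocol)) return false;
  const hostOk = host === '*' || (host.startsWith('*.')
    ? url.hostname.endsWith(host.slice(1)) // "*.x.com" matches subdomains, not x.com
    : url.hostname === host);
  const portOk = port === '*' ||
    (port ? (url.port || defaultPort(url.protocol)) === port : url.port === '');
  return hostOk && portOk;
}
// img-src governs images; default-src is the fallback when img-src is absent.
function imageAllowed(cspHeader, imageUrl, pageUrl) {
  const policy = parseCsp(cspHeader);
  const sources = policy['img-src'] || policy['default-src'];
  if (sources === undefined) return true; // no directive restricts images
  const url = new URL(imageUrl), page = new URL(pageUrl);
  return sources.some((s) => sourceMatches(s, url, page));
}
// Constructed policy and hosts (assumptions, not values from the thread).
const SAMPLE_CSP = "default-src 'none'; img-src 'self' data: https://*.assets.example.com; script-src 'self'";
const PR_PAGE = 'https://github.example.com/org/repo/pull/1';
function demo() {
  return {
    sonarHosted: imageAllowed(SAMPLE_CSP, 'https://sonar.example.com/badge.png', PR_PAGE),
    githubHosted: imageAllowed(SAMPLE_CSP, 'https://github.example.com/storage/user/76/files/badge.png', PR_PAGE),
  };
}
console.log(demo());
```

To test a real instance, replace `SAMPLE_CSP` with the header value the pull request page actually returns (visible in the browser's network tab) and the URLs with the broken image's `src`.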