Pull Request decoration i Azure Devops not working


I’m using Sonarcloud with Azure Devops but I can get the PR decoration to work. I have successfully imported the project in Sonarcloud and I can see the result of the analysis, but nothing is reported back to Azure Devops.

Any ideas on how to troubleshoot the connection? Is there a log in Sonarcloud somewhere or some way of testing the connection?

I’m completely in the dark here.


Hey there.

Three important questions:

  • Is your project bound to the correct repository (clicking on the Azure DevOps icon should take you to the repository you are raising pull requests on)
  • Do you see Pull Requests being analyzed in the SonarCloud UI (under the Pull Requests section of your project)?

  • Finally, have you configured a valid token at either the project-level Administration > General Settings > Pull Requests) or at the organiztion-level (Administration > Organization settings > Azure DevOps connectivity management)?

Hi Colin!

Thank you for replying. Thats a Yes on all those three question.

Here’s the output from the background worker on a PR build.
I can see that the value of our project name (key: sonar.pullrequest.vsts.project) is wrongly encoded. Could that be the issue?

SonarCloud plugins:
  - IaC Code Quality and Security (iac)
  - PL/SQL Code Quality and Security (plsql)
  - Scala Code Quality and Security (sonarscala)
  - C# Code Quality and Security (csharp)
  - Vulnerability Analysis (security)
  - Java Code Quality and Security (java)
  - HTML Code Quality and Security (web)
  - Flex Code Quality and Security (flex)
  - XML Code Quality and Security (xml)
  - Text file Code Quality and Security (text)
  - VB.NET Code Quality and Security (vbnet)
  - Swift Code Quality and Security (swift)
  - CFamily Code Quality and Security (cpp)
  - Python Code Quality and Security (python)
  - Go Code Quality and Security (go)
  - JaCoCo (jacoco)
  - Kotlin Code Quality and Security (kotlin)
  - Mercurial 1.1.2 (scmmercurial)
  - T-SQL Code Quality and Security (tsql)
  - Apex Code Quality and Security (sonarapex)
  - JavaScript/TypeScript Code Quality and Security (javascript)
  - Ruby Code Quality and Security (ruby)
  - Vulnerability Rules for C# (securitycsharpfrontend)
  - Vulnerability Rules for Java (securityjavafrontend)
  - License for SonarLint (license)
  - Vulnerability Rules for JS (securityjsfrontend)
  - COBOL Code Quality (cobol)
  - Vulnerability Rules for Python (securitypythonfrontend)
  - PHP Code Quality and Security (php)
  - ABAP Code Quality and Security (abap)
  - Configuration detection fot Code Quality and Security (config)
  - Vulnerability Rules for PHP (securityphpfrontend)
Global server settings:
  - email.from=noreply@sonarcloud.io
  - email.fromName=SonarCloud
  - email.prefix=[SonarCloud]
  - node_10_end_of_support_date=1620604800000
  - node_10_grace_period_termination_date=1621814400000
  - sonar.auth.bitbucket.enabled=true
  - sonar.auth.microsoft.enabled=true
  - sonar.core.id=1BD809FA-AWHW8ct9-T_TB3XqouNu
  - sonar.core.serverBaseURL=https://sonarcloud.io
  - sonar.core.startTime=2022-02-02T11:17:09+0100
  - sonar.dbcleaner.weeksBeforeDeletingAllSnapshots=260
  - sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByMonth=4
  - sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByWeek=1
  - sonar.global.exclusions=**/build-wrapper-dump.json
  - sonar.lf.enableGravatar=true
  - sonar.lf.logoWidthPx=105
  - sonar.maintenance_mode.link=https://sonarcloud.statuspage.io/incidents/6qy1js6rqm5n
  - sonar.maintenance_mode.message=SonarCloud will undergo maintenance for 30 minutes on Tuesday, February 15th. The service will not be available between 07:00 CET and 07:30 CET. Additionally, we will execute two maintenance tasks on February 8th and February 22nd at 08:00 CET, during which, it is possible that you will receive errors over a short period of time (1-2 minutes).
  - sonar.maintenance_mode.start_date=2022-02-15T07:00:00.000+01:00
  - sonar.organizations.anyoneCanCreate=true
  - sonar.organizations.createPersonalOrg=true
  - sonar.plsql.file.suffixes=sql,tab,pkb
  - sonar.tsql.file.suffixes=.tsql
Project server settings:
  - sonar.pullrequest.provider=Azure DevOps Services
  - sonar.pullrequest.vsts.token.secured=******
Project scanner properties:
  - sonar.cs.opencover.reportsPaths=**/coverage.opencover.xml
  - sonar.host.url=https://sonarcloud.io/
  - sonar.login=******
  - sonar.modules=7488A04F-EAD7-490A-8743-8D62CCDAE406,43BD8A9C-2FE3-47F0-951C-5D78548E1EB8
  - sonar.organization=afaforsakring
  - sonar.projectBaseDir=/__w/48/s/src
  - sonar.projectKey=afaforsakring_mega-worker-dotnet
  - sonar.projectName=mega-worker-dotnet
  - sonar.projectVersion=1.0
  - sonar.pullrequest.base=main
  - sonar.pullrequest.branch=sonar-test
  - sonar.pullrequest.key=2767
  - sonar.pullrequest.provider=vsts
  - sonar.pullrequest.vsts.instanceUrl=https://afaforsakring.visualstudio.com/
  - sonar.pullrequest.vsts.project=Kundresa och v��rdestr��m
  - sonar.pullrequest.vsts.repository=mega-worker-dotnet
  - sonar.scanAllFiles=true
  - sonar.scanner.app=ScannerMSBuild
  - sonar.scanner.appVersion=5.4
  - sonar.scanner.metadataFilePath=/__w/_temp/sonar/20220203.6/d076ebf0-2bf8-fd9d-e0d1-66c02cc4ed6c/report-task.txt
  - sonar.sourceEncoding=US-ASCII
  - sonar.visualstudio.enable=false
  - sonar.working.directory=/__w/48/.sonarqube/out/.sonar
Scanner properties of module: afaforsakring_mega-worker-dotnet:afaforsakring_mega-worker-dotnet:7488A04F-EAD7-490A-8743-8D62CCDAE406
  - sonar.cs.analyzer.projectOutPaths="/__w/48/.sonarqube/out/0","/__w/48/.sonarqube/out/2"
  - sonar.cs.roslyn.reportFilePaths="/__w/48/.sonarqube/out/0/Issues.json","/__w/48/.sonarqube/out/2/Issues.json"
  - sonar.moduleKey=afaforsakring_mega-worker-dotnet:afaforsakring_mega-worker-dotnet:7488A04F-EAD7-490A-8743-8D62CCDAE406
  - sonar.projectBaseDir=/__w/48/s/src/MegaWorker
  - sonar.projectKey=afaforsakring_mega-worker-dotnet:afaforsakring_mega-worker-dotnet:7488A04F-EAD7-490A-8743-8D62CCDAE406
  - sonar.projectName=MegaWorker
  - sonar.sourceEncoding=utf-8
  - sonar.sources="/__w/48/s/src/MegaWorker/Model/MegaCase.cs","/__w/48/s/src/MegaWorker/Model/MegaCreateCaseTask.cs","/__w/48/s/src/MegaWorker/Program.cs","/__w/48/s/src/MegaWorker/Services/CaseApi.cs","/__w/48/s/src/MegaWorker/Services/CaseApiTokenService.cs","/__w/48/s/src/MegaWorker/Services/ClaimRegistrationClient.cs","/__w/48/s/src/MegaWorker/Services/MegaCaseMapper.cs","/__w/48/s/src/MegaWorker/Services/MegaTaskHandler.cs","/__w/48/s/src/MegaWorker/Worker.cs","/__w/48/s/src/MegaWorker/appsettings.Development.json","/__w/48/s/src/MegaWorker/Properties/launchSettings.json","/__w/48/s/src/MegaWorker/obj/Debug/net6.0/apphost"
  - sonar.working.directory=/__w/48/.sonarqube/out/.sonar/mod0
Scanner properties of module: afaforsakring_mega-worker-dotnet:afaforsakring_mega-worker-dotnet:43BD8A9C-2FE3-47F0-951C-5D78548E1EB8
  - sonar.cs.analyzer.projectOutPaths="/__w/48/.sonarqube/out/1","/__w/48/.sonarqube/out/3"
  - sonar.cs.roslyn.reportFilePaths="/__w/48/.sonarqube/out/1/Issues.json","/__w/48/.sonarqube/out/3/Issues.json"
  - sonar.moduleKey=afaforsakring_mega-worker-dotnet:afaforsakring_mega-worker-dotnet:43BD8A9C-2FE3-47F0-951C-5D78548E1EB8
  - sonar.projectBaseDir=/__w/48/s/src/MegaWorkerTests
  - sonar.projectKey=afaforsakring_mega-worker-dotnet:afaforsakring_mega-worker-dotnet:43BD8A9C-2FE3-47F0-951C-5D78548E1EB8
  - sonar.projectName=MegaWorkerTests
  - sonar.sourceEncoding=utf-8
  - sonar.sources=
  - sonar.tests="/__w/48/s/src/MegaWorkerTests/CaseApiTests.cs","/__w/48/s/src/MegaWorkerTests/ClaimRegistrationClientTest.cs","/__w/48/s/src/MegaWorkerTests/MegaCaseMapperTest.cs","/__w/48/s/src/MegaWorkerTests/MegaTaskHandlerTest.cs","/__w/48/s/src/MegaWorkerTests/claim-registration.json"
  - sonar.working.directory=/__w/48/.sonarqube/out/.sonar/mod1

Oh boy :sweat_smile: It sure looks like it could. Nice catch.

Looking into the logs, a 404 error is indeed being returned on this URL:


If I try and guess what the actual characters or what language it is I’m sure I’ll mess up – can you let us know what the project name should be? If Microsoft supports such project names, so should we.

I won’t make you guess :blush:

The project is named: Kundresa och värdeström (it’s in swedish)

Thanks. I’ll ping internally.

Hi @jonas.lundblad

I just did a quick test on my side but wasn’t able to reproduce.

To help you troubleshoot, some questions/actions to do:

  • Was your project created a long time ago on SonarCloud ?
  • Can you display current env variables during a run of your pull request build, and check for the ‘SYSTEM_TEAMPROJECT’ variable and its value : does you project name displays correctly there ?



Thanks for checking.

No, the project was created just a few weeks ago. I’ve run the pull request pipeline with verbose turned on and everything looks fine from what I can see. The output for that variable is:

##[debug]Set env: SYSTEM_TEAMPROJECT=Kundresa och värdeström

Just to give give you som more details, this is the build, test and analyze job I use:

      - job: buildPr
        displayName: 'Build and Test analysis'
        container: dotnet-sdk

          - task: SonarCloudPrepare@1
              SonarCloud: 'Sonarcloud'
              organization: 'afaforsakring'
              scannerMode: 'MSBuild'
              projectKey: 'afaforsakring_mega-worker-dotnet'
              projectName: 'mega-worker-dotnet'
              extraProperties: |

          - bash: |
              dotnet tool restore
              dotnet restore
              dotnet build
              dotnet test --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
            displayName: "Build"

          - task: SonarCloudAnalyze@1
          - task: SonarCloudPublish@1
              pollingTimeoutSec: '300'

The only thing I can see that differs from a project that has working PR decoration (apart from being a c# project) is that here we are using the SonarCloudAnalyze@1 and not the sonar plugin for maven/gradle .

Any update on this issue?

Hi @jonas.lundblad

This is expected for a dotnet project.

So far as i told i was not able to reproduce, i will double check once more.


So if you aren’t able to reproduce what are my options?

Hi @jonas.lundblad

Few more questions :

  • If you create a new repository on this project; and you import it on SonarCloud (if your organization is bound to the one on Azure DevOps), do you see the characters printed correctly ?
  • Are you using a self-hosted build agent or are you using one from azure devops ?
  • Can you check what is the value of the LANG env variable if you have it ?
  • Alternatively, can you send me a debug log of a pipeline execution please ? I can DM you for that, just let me know.



No, unfortunately not. I still see the weird characters in the variable sonar.pullrequest.vsts.project.

I did as you said and created a new repository and imported it to SonarCloud.

Hey @jonas.lundblad

I think this point from @mickaelcaro is important to follow up on.