Pull Request Decoration: SonarQube 8.1.0.31237

* SonarQube 8.1.0.31237

* I’m trying to analyze code after submitting a pull request in GitHub.

* Created a GitHub App based on the following documentation… https://docs.sonarqube.org/latest/instance-administration/github-application/

* Configured global settings for SonarQube’s “Pull Request Decoration”

* Configured project settings for SonarQube’s “Pull Request Decoration”

Issue: When I submit a pull request in GitHub then the project is not being analyzed by SonarQube.

Note: I provisioned my project in SonarQube and no analysis has been launched. Do I need to do an initial code analysis for this to work?

Thank you.


You’ll need to analyse your code every time you raise a pull request (usually as part of whatever CI job kicks off when you raise the pull request).

@Colin,

I understand the code will be analyzed with each pull request. The problem is the code is not being analyzed after initiating a pull request from GitHub. Are there some other configurations that I need to consider to trigger the code analysis?

Code analysis won’t happen on its own – it needs to be initiated by a Scanner that is typically configured as a part of a CI job that kicks off after you raise the pull request. Do you have any CI jobs running after you raise the pull request, and do they include SonarQube analysis?

I’m just trying to get some clarification. If I’m not using a CI tool such as Jenkins or Azure, then I can’t configure a project in GitHub to utilize SonarQube’s Pull Request Decoration to analyze my project code?

@Colin,

Is the SonarQube and GitHub “Pull Request Decoration” independent of Jenkins? I thought its purpose was to give an analysis when a pull request is initiated. So, it can be utilized along with peer code review before merging branches, no?

@bilalbailey,

SonarQube does not discover the creation of a new pull request automatically. It doesn’t have to be Jenkins, but something must trigger a scan in reaction to the creation of the pull request. Then once a scan is triggered and the analysis is completed on the SonarQube server, SonarQube will reach out to GitHub via its APIs to decorate the pull request.

Here’s a picture that may help:

Note that it could be Jenkins, any other CI system, even something homegrown that polls or uses web APIs to communicate with GitHub and discover the creation of new pull requests (or updates to existing PR branches).

Hope this helps clarify!
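An added example, not part of the original posts and not SonarSource code: the core of a homegrown trigger of the kind described above, which authenticates a GitHub `pull_request` webhook delivery and turns it into a `sonar-scanner` command line carrying the pull request parameters. The project key, server URL and webhook secret are constructed placeholders, and it assumes the scanner is run inside a checkout of the PR head with its token configured separately.

```python
import hashlib
import hmac
import json

# Webhook actions that mean there are new commits on the PR to analyse.
TRIGGER_ACTIONS = {"opened", "reopened", "synchronize"}


def signature_ok(secret: bytes, body: bytes, header: str) -> bool:
    """Check GitHub's X-Hub-Signature-256 header (HMAC-SHA256 of the raw body)."""
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), (header or "").encode())


def scanner_args(body: bytes, project_key: str, host_url: str):
    """Return the sonar-scanner argv for this event, or None if no scan is needed."""
    event = json.loads(body)
    if event.get("action") not in TRIGGER_ACTIONS:
        return None
    pr = event["pull_request"]
    # Branch names are chosen by the PR author: keep each property as its own
    # argv item and run with subprocess.run(args), never via a shell string.
    return [
        "sonar-scanner",
        f"-Dsonar.projectKey={project_key}",
        f"-Dsonar.host.url={host_url}",
        f"-Dsonar.pullrequest.key={event['number']}",
        f"-Dsonar.pullrequest.branch={pr['head']['ref']}",
        f"-Dsonar.pullrequest.base={pr['base']['ref']}",
    ]


# Constructed sample delivery, trimmed to the fields used above.
SAMPLE_SECRET = b"constructed-webhook-secret"
SAMPLE_BODY = json.dumps({
    "action": "opened",
    "number": 42,
    "pull_request": {"head": {"ref": "feature/login"}, "base": {"ref": "master"}},
}).encode()
SAMPLE_HEADER = "sha256=" + hmac.new(SAMPLE_SECRET, SAMPLE_BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    if signature_ok(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_HEADER):
        print(scanner_args(SAMPLE_BODY, "my-project", "https://sonarqube.example.com"))
```

Once an analysis submitted with these three `sonar.pullrequest.*` properties finishes on the server, SonarQube has what it needs to decorate the matching pull request.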

@Jeff_Zapotoczny Thank you for sharing this workflow with me.

@Colin Thank you for your patience and guidance.
