Pull Request Decoration: SonarQube


*I’m trying to analysis code during after submitting a pull request in GitHub.

*Created a GitHub App based on the following documentation… https://docs.sonarqube.org/latest/instance-administration/github-application/

*Configured global settings for SonarQube’s “Pull Request Decoration”

*Configured project settings for SonarQube’s “Pull Request Decoration”

Issue: When I submit a pull request in GitHub then the project is not being analyzed by SonarQube.

Note: I provisioned my project in SonarQube and no analyse has been launch. Do I need to do an initial code analysis for this to work?

Thank you.

1 Like

You’ll need to analyse your code every time you raise a pull request (usually as part of whatever CI job kicks off when you raise the pull request)


I understand the code will be analyzed with each pull request. The problem is the code is not being analyzed after initiating a pull request from GitHub. Is there some other configurations that I need to consider to trigger the code analysis?

Code analysis won’t happen on its own – it needs to be initiated by a Scanner that is typically configured as a part of a CI job that kicks off after you raise the pull request. Do you have any CI jobs running after you raise the pull request, and do they include SonarQube analysis?

I’m just trying to get some clarification. If I’m not using a CI tool such as Jenkins or Azure, then I can’t configure a project in GitHub to utilize SonarQube’s Pull Request Decoration to analyze my project code?


Is the SonarQube and GitHub “Pull Request Decoration” independent of Jenkins? I thought it’s purpose was to give an analysis when a pull request is initiated. So, it can be utilized along with peer code review before merging branches, no?


SonarQube does not discover the creation of a new pull request automatically. It doesn’t have to be Jenkins, but something must trigger a scan in reaction to the creation of the pull request. Then once a scan is triggered and the analysis is completed on the SonarQube server, SonarQube will reach out to GitHub via its APIs to decorate the pull request.

Here’s a picture that may help:

Note that it could be Jenkins, any other CI system, even something homegrown that polls or uses web APIs to communicate with GitHub and discover the creation of new pull requests (or updates to existing PR branches).

Hope this helps clarify!

@Jeff_Zapotoczny Thank you for sharing this workflow with me.

@Colin Thank you for you patients and guidance.

1 Like