PullRequest Analysis, Do we have an option to select what kind of issues we need back in PullRequest overview page

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Developer Edition Version 8.2 (build 32929)
    Azure DevOps Server - Version Dev17.M153.5

  • what are you trying to achieve

When PullRequest triggers a SonarQube scan, it returns the quality gate status along with Bugs, Code Smells, Security Hot Spot, Vulnerabilities details back into PullRequest’s Overview page.

What we are trying to achieve is:

  • We don’t want “code smells” to get logged here in PullRequest’s Overview page. We still have it in the SonarQube dashboard and the developer can go and review that in the SonarQube dashboard if there are any “code smells”

  • We log other issues in PullRequest’s overview page as it is except “code smells”

We still want to log everything in the SonarQube dashboard but be selective about what we want to be displayed in PullRequest’s overview page.

  • what have you tried so far to achieve this
    Currently unable to find any options to achieve this. Are there any options available through which we can tell SonarQube to only log selective issues (like only Bug, Security Hotspot displayed in PR and not Vulnerabilities and Bugs)

Hi,

FYI, I’ve moved this to the ‘Suggest new features’ category.

 
Ann

Hi @dkori003,

Could you explain in a bit more detail what’s your use case and especially why you don’t want to see Code Smells in the PR overview (as I understand)?

I’m not sure I understand exactly what you mean by “We log other issues in Pull Request’s overview”, what do you mean?

Thanks,

@aurelie Sorry for the late response. When we enable PR decoration, each code smell and vulnerability is logged back in the comment section of the PR. If there are 30 code smells, there are 30 entries in the comment section. So is it possible to configure what we need in the comment section? For example, I need only Security Hotspots to be logged back in the PR comment section, not code smells. This is helpful for the code reviewer to easily look at the PR description to see what the Sonar scan results are… but when there are too many things it sometimes confuses the code reviewer. I hope I explained it better.

Hi @dkori003,

I understand thanks.
May I ask additional questions?

  • Is your request only because when there are a lot of issues, it is confusing for the code reviewer to focus on the code to review? Or is there another reason?
  • If you would not see the Code Smells in the PR overview, when and how would you fix the Code Smells?

Thanks,

Hi @aurelie

  1. Yeah, if there are 50 code smells, I don’t want them logged in PR commits, I would rather go to the SonarQube UI and see them. This is only for code smells; if there are any security issues I still want to log them back in PR commits.

  2. I still go to the SonarQube GUI and see if there are any code smells and fix them as necessary. Not to log them in PR. Since we have the quality status in PR which says passed or failed… if it’s failed status we still go to the Sonar portal to assess why it’s failed.

Hi @dkori003,

Thanks for the clarifications.

This is not possible right now, nor is it on our roadmaps. We are eager to hear about other people’s feedback or interest on this point to consider it.

In the meantime, I would recommend using SonarLint to be able to detect and fix the issue directly in the IDE before pushing the code; it would allow you to decrease the issues in the PR.

Cheers,