SARIF import not working for pull request analysis only for master

jani_r · August 22, 2024, 11:21am

Sonar scanner 6.1.0.4477
Sonarqube Community Edition, v10.6 (92116)
Sonarqube Community Branch Plugin 1.21.0

I am trying to import SARIF issues (generated with salesforce code analyzer) during pull request analysis

Everything works fine for master branch when I merge the pull request

Parameters used when for pull request analysis:
-Dsonar.projectVersion
-Dsonar.pullrequest.base
-Dsonar.pullrequest.branch
-Dsonar.pullrequest.key
-Dsonar.scm.revision
-Dsonar.sarifReportPaths

and when analyzing master
-Dsonar.projectVersion
-Dsonar.branch.name
-Dsonar.scm.revision
-Dsonar.sarifReportPaths

The logs shows that analysis is successful and SARIF report is imported for both master and pull request but sonarqube does not shown any issues for the branch. It is completely empty, branch analysis shows up as Passed (since there are no issues). The issues are only shown for master branch and it shows up as Failed because of all the issues.
The analysis has worked before when Enterprise edition was used since it supported apex language but now since Community edition does not support apex we are using salesforce code analyzer to analyze the code

ganncamp · August 23, 2024, 3:45pm

Hi,

PR analysis only shows issues for changed (recognized) code. Based on your screenshots, there’s no changed code and so nothing to “hang” issues from the SARIF report off of.

HTH,
Ann

jani_r · August 27, 2024, 4:54am

Yes, you are right it seems to work now. I had not made any changes to the pr

system · September 3, 2024, 4:55am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.