I use a tool called Kosli which can attest evidence in the SDLC. See kosli attest sonar
However, the command returns this error:
I run a sonarqube scan in my CI process (TeamCity) and then attest this with Kosli, but get this error? 15:26:14 Error: analysis with ID 966c06ab-bd7e-4ad0-b8f9-b214a5e73d9d not found on http://sonarqube.xxx.com:9000. Snapshot may have been deleted by SonarQube
I was wondering, how do I check the snapshots that are available and any settings related to their cleanup?
I’m not familiar with kosli, but it seems like it’s doing it the hard way. Within SonarQube itself, you have the ability to set up webhooks to notify external systems of your quality gate status.
At a guess, it’s grabbing the wrong piece of data as the analysis ID. There’s also a difference between the ID you get when you submit the analysis report to the server, and the analysis ID that’s assigned after that report is processed. I suggest you re-examine the workflow here.
We try to keep it to one topic per thread. Otherwise it can get messy, fast. Could you create a new thread for this, with all your details, if you’d really like to pursue it?