Sonar lint on Github PR

manikanta_Nani · June 3, 2025, 7:14pm

We need to set up sonar linting for java files during PR using github can you please help

ganncamp · June 4, 2025, 3:23pm

Hi,

This is a pretty big question. Do you have SonarQube Server installed? Or are you using SonarQube Cloud?

What have you tried so far?

Ann

manikanta_Nani · June 9, 2025, 10:27pm

we will isntall sonarQube on fly using git hub actions and have sonar lint scans

ganncamp · June 10, 2025, 12:28pm

Hi,

This is two different things. SonarQube for IDE is a plugin that lives in your IDE and analyzes as you type.

Anything related to GitHub Actions, implies that you’re analyzing in your CI/CD pipeline and posting analysis results to either SonarQube Cloud or a self-hosted instance.

Ann

manikanta_Nani · June 11, 2025, 1:19pm

Thanks ganncamp for your inputs,

Is there a way to lint Java files during pr raised for changed files using SonarQube?

we need to implement this in Github Actions.

ganncamp · June 11, 2025, 2:51pm

Hi,

Are you using SonarQube Server or SonarQube Community Build? Only Server supports PR analysis.

HTH,
Ann

manikanta_Nani · June 12, 2025, 5:55pm

We are not using any SonarQube server, if there is a linting option for java changed files, we will setup github actions in runner to install sonarquebe and lint the file and show results. Is this possible?

ganncamp · June 12, 2025, 6:02pm

Hi,

For PR analysis, you’ll need to use either SonarQube Server Developer Edition($) (self-hosted) or SonarQube Cloud. There is no stand-alone option for PR analysis.

HTH,
Ann

manikanta_Nani · June 13, 2025, 4:29pm

Thanks , if we use SonarQube server Developer edition can we use that java lint ?

ganncamp · June 13, 2025, 5:17pm

Hi,

Here’s the list of 3rd-party reports we import natively. If your tool isn’t in the list, then you can look at converting the output to our Generic Issues format.

HTH,
Ann

manikanta_Nani · June 18, 2025, 6:04pm

Hi Ann thanks for the inputs.

We need to run Sonar analysis for code smells, vulnerabilities, and potential bugs only on the Java files that have changed in a PR. Running a full scan takes more than 1 hour and 30 minutes due to the large codebase, which makes it impractical to wait for each PR.

Is it possible to limit the scan to only the Java files changed during the PR?

ganncamp · June 18, 2025, 6:29pm

Hi,

That’s what PR analysis does. You’ve previously asked about Developer Edition. Using it would get you PR analysis. You’ll need to analyze the base branch first for this to work tho.

HTH,
Ann

manikanta_Nani · June 18, 2025, 6:55pm

Thanks Ann, Can you please help us on steps for doing this process.

ganncamp · June 19, 2025, 2:40pm

Hi,

The docs should get you started.

Ann

Topic		Replies	Views
Speed up analysis by running Sonar on only the git changed files SonarQube Server / Community Build	2	1015	August 31, 2021
Sonarcloud using Github Actions vs Automatic Analysis SonarQube Cloud scanner , sonarqube-cloud	5	573	December 5, 2022
Faster PR analysis Plugin Development	11	418	January 17, 2023
Setting up Sonarqube scanner with Github actions SonarQube Server / Community Build github-actions	7	6159	July 26, 2022
Sonarqube 10.2 + github on branch master : analysis is ok but project is still not having any analys SonarQube Server / Community Build java , sonarqube	4	337	October 30, 2023

Sonar lint on Github PR

Related topics