SonarCloud Code Analysis Check not reported to Github

Good Morning,

We have the following problem:
We execute our CI pipeline, including SonarCloud analysis. The Analysis gets executed, SonarCloud Quality Gate gets reported to Github, we also see the result in SonarCloud, but the Status is not reported back to Github in the required checks for the pull requests. So our devs cannot merge their PRs, because that check is reported as missing.
Happened i.e. here:
This morning, at 8:11 AM (timestamp of the analysis in sonarcloud)

We have our Code in Github, use Jenkins as CI System and our application is based on .NET 6.
We use the command

“dotnet-sonarscanner begin”
build our application, execute the unit tests and finish with the

“dotnet-sonarscanner end”


Can you help us here? Do you need any more information?


Hi @JonasHornung , welcome to the community!

Thanks for the detailed error report.
First question: do you still experience this situation?

On GitHub, the checks are applied on a given commit, not on the PR itself.
On PR #3526, I see that SonarCloud tried to put the check on a commit with SHA1: 1e05633900de0a54482e3fa9c540ed489bb11173
GitHub answered that this SHA1 didn’t exist (error code 422), that’s why the check was not applied.

This behavior usually happens when the Git history changes (due to a rebase for example) between the beginning of the job and the attempt to set the check on SonarCloud. It is then expected, and the push of the new history triggers a new job execution that sets the check on the new commit SHA.

On that PR, I don’t see any other SonarCloud analysis related to this PR on Feb 10th, which seems to show that we are in another case.
Does this SHA1 match a real commit on the PR history? Do you know if the PR history changed?

I suspect from your message that it happened on several PRs at the same time. Did something change on the job configuration recently?


Hi Claire,

thank you for your response and sorry for my very late reaction.

So we just had another one of these cases and I investigated if a rebase happened, but the developer confirmed, that he didn’t do rebases of the affected branch.

But I might have an idea, why it happens:
Our Jenkins Server merges together the Pull-Request Branch with the Base-Branch and performs the analysis based on this merge. Maybe the SHA send to Sonarcloud is the SHA of the Merge done by Jenkins, not the current head of the PR-Branch.
I will investigate that and come back to you.


1 Like

This looks promising!
I’m looking forward the result of this investigation.