SonarCloud decoration in Azure DevOps doesn't work with some repos


  • ALM used (Azure DevOps)
  • CI system used (Azure DevOps)
  • Scanner command used when applicable (private details masked)
  • Languages of the repository (C++)


I’ve got strange issue with PR decoration. I’ve got for example 2 repos. Let’s say repo A and repo B (and many, many more in a true life :slight_smile: ). Repo A includes pipeline yaml files and file about other repos (including repo B). Once I am doing PR from some branch to develop branch of repo A and I am running pre-merging verification pipeline (which is included in the same repo) as a Build verification it works perfectly. I’ve got Status check option like

SonarCloud/quality gate

to select from dropdown, I see comments from SonarCloud scan inside such pull request, I see proper quality gate status in Extension tab.


I’ve got repo B where there is a code of my application (C++) and where I would like to have also PR decoration. I am doing pull request there where I am executing pre-merging verification pipeline (from repo A), the pipeline executes properly, the PR is available to see from SonarCloud perspective, after SC scan execution I can see the result of Quality gate in Extension tab but I can’t select

SonarCloud/quality gate

as status check and I can’t see the comments from SonarCloud attached to such PR.

What I’ve done so far:

  • Personal Access Token checked if it have permissions to repo A and repo B and also checked if such PAT has got Code (read & write) permissions
  • Owner of PAT if the owner has got access to the proper repos in Azure DevOps
  • reconfiguration of Branch Policies for both of repos many times
  • tests with creating PRs (with Build validation by this pre merging pipeline and Status check) to the different branch than develop inside repo A and repo B
  • adding Status Check manually to the branch polices of repo B - looks like the pipeline stops on this manual Status check and “wait” till infinity

Am I doing sth wrong? Do you have any ideas?

Hey there.

Where have you configured the PAT? Is there one configured at the project-level (project Administration > General Settings > Pull Requests, in either project?

yes, PAT is configured at the project-level at the project which is related with file from repo A in this case.


If this is only the case with repoA and not repoB – this means that most probably, repoB is using the organization-level token (global Administration > Organization Settings).

If repoB is working… you might try and remove the token you’ve set for repoA and see if it works with the organization level token.

You mean about setting up organization-level token from Azure DevOps inside SonarCloud organization settings, right?

What if the repo B has got his own file and different project in SonarCloud which is not affected by executing this pre merging verification pipeline? Different scope of sources from repo B has been configured in file inside repo A and different project and scope of sources has been configured inside file od repo B itself.

One more thing. Repo A and repo B is part of the same project inside organization from Azure DevOps perspective.

Okay. And you pull both into a single pipeline somehow?

Yes, once I am creating pull request to repo B it uses pre merging pipeline yaml file which is located in repo A (as Build Verification branch policy) and in repo A there is file which includes repo B as source and inclusions.

It provide me the thing that if I do the pull request in repo B just the modified files from such repo are taken into consideration by Sonar scanner

In order to get Pull Request Decoration on both repos, you will need separate projects configured as a monorepo.

In this case I don’t need decoration in repo A. Repo A is a “storage” for pipeline files like pre-merging verification executed as Build Verification branch policies for repo B or other repos. I don’t know if it is important but inside the yaml pipeline file from repo A which is used as build verification for example inside pull requests for repo B there is repo B synchronization and checkout and also in repo A there is file where repo B is provided as a sonar.sources and sonar.inclusions.

Currently, looks like everything works good except adding comments into pull request of repo B so let’s say “feedback” after Quality gate publish step isn’t goes back to the PR in Azure DevOps.

Are there some opportunity to debug Publish Quality gate step somehow?

I did some tests and workarounds and it looks like there is soultion of this case. We have to have the same pipeline yaml file in repo B with different name configured as a pipeline name than the pipeline from repo A. Also, in repo B as a Build verification have to be linked the pipeline (with changed name) from the same repo so even if the pipeline is visible between repos as build validation then it doesn’t work at all if it comes to PR decoration once it doesn’t appear in the same repo.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.