SonarCloud + GitHub + Pull Request Analysis = No Inline Comments

We are currently evaluating to move from our self hosted SonarQube (with the GitHub plugin) to SonarCloud.
We were quite disappointed that the comments are gone. Back in the time before we used the comments we noticed that most developers were not taking much interest into the scan results, only if there were severe errors. Once we had the comments, the people started to fix much more issues and showed a lot more interest.

We are very interested in the inline annotations! Is there some kind of roadmap for the SonarCloud customers available?

Update on this thread.

We’ve recently spent some time looking again at this (MMF-1535), and we were again disappointed by the poor user experience that those annotations bring. By the way, GitHub Checks and its annotations are still declared as “Preview features [that] are not supported for production use”: this is not surprising that no code quality service is currently relying on annotations.

There is a very powerful yet simple way to force developers to take care about issues found by SonarCloud: you enforce a green SonarCloud status on the PR to allow the merge.

1 Like

Hi Fabrice,

Thanks for the update.

I think we’d get a lot of resistance on this; I myself wouldn’t enjoy it. We use SonarCloud to make our code review process easier. It was great when it was putting inline comments on PRs, basically saving reviewers tons of work commenting on basic things so we could focus on overall design. Also, code smells are not always blocking the quality gate (Log in with Atlassian account) but we still want people to see them.

Currently as a reviewer I have to use both the GitHub and SonarCloud UIs, and most reviewers don’t remember the SonarCloud part.

(Also, not every issue Sonar finds is real, and I don’t want to force developers to go outside GitHub to click “false positive” or “won’t fix” on every issue.)

We really miss the old behaviour where SonarCloud would put inline comments on code issues. (The only painful part of it was it was doing each comment individually, so we’d get dozens of e-mails for each PR instead of a single e-mail with all comments. If there’s a batch API it would probably improve things.)

I’m sorry to hear the checks/annotations API doesn’t provide a good experience. Unfortunately, without inline PR comments of some sort, SonarCloud is barely helping us at all. It’s too hard to have two streams of code review (GitHub + SonarCloud UI).

Best,
Mike

4 Likes

I was curious so I took a look around at what some other code quality tools do with GitHub PRs.

Hi Michael, thanks for your inputs on this. To be clear, we would prefer to be able to use annotations.

If you know other code quality online services which use annotations, I’d be really happy to take a look at what they do.

Hi Fabrice,

No, I didn’t find any that use annotations; inline PR comments seem to be the thing everyone is using, probably for the same reasons you’re not able to use annotations in Sonar.

3 Likes

Hi, any estimation when we can expect to have this feature again?

P.S. Inline comments on PR was also one of the main reason why we use it

4 Likes

Hello, just wanted to also add that our company was very disappointed when we saw this feature disappear. Even though the conversation tab is meant for humans, by enabling this feature we are asking sonar to provide a “human-like” review of our code. It’s meant to simulate a human, so I would like to see this feature come back. Maybe make it an optional feature which people could enable/disable if it’s controversial with github’s guidelines.

4 Likes

We would also love to have this feature back. It significantly improves code quality & productivity by showing everything there is to a PR to a developer. There’s no way they’ll forget to go through the reported issues.

3 Likes

Registered to say that my team shares the same sentiment: SonarCloud is barely helpful and completely unnoticed without inline comments.

2 Likes

I am currently evaluating code quality tools for my team and I was just about to go with SonarCloud as it matches our code base and security requirements better than Codacy and Code Climate. However, finding that the most useful feature has been removed is incredibly disappointing. I concur with the statements above that 2 workflows are impossible to implement, especially with people who are only occasionally raising PRs.

1 Like

Where are we at with this, SonarCloud team? To be very clear, this is the main issue stopping us from deepening our SonarQube implementation, and will be the #1 reason we will churn off the platform to another product. Inline comments are perfectly fine - please don’t get hung up on the Annotations thing.

This is also important to my team. We are currently a Codacy customer, and find that this feature delivers a lot of value. We would be interested to re-consider SonarCloud if and when this feature is re-enabled.

Hi everyone,

Just to let you know that we’re currently looking at this.
We’re going to provide a way to see SonarCloud issues in diff of GitHub PR, either by annotations or comments.

Thanks!

2 Likes

Annotations or comments are such great feature.
I’m impressed that SonarCloud currently doesn’t support it;

That’s great news! Are you targeting this in a current or far future release?

:tada::tada::tada::tada::tada::tada:

Hi, do you have any estimation when we can have inline comments again? :upside_down_face:

We were evaluating sonarqube developer edition 8.1.0, the main reason for us to move from community editon to developer edition was pull request decoration feature.
So can we know from which version this feature was removed/issue has been started?, so that I can downgrade to that version to get this feature.

Had created issue for the same here.

Will this be added back to SonarQube as well?

Our issue was that if the PR check passed but there were still minor issues that didn’t fail the quality gate, then they would go unnoticed (who’s going to click on the details of a passing PR check?). Therefore our only options were to leave uncaught minor issues unfixed, or change the quality gate to make minor issues a failing condition (which is annoying because there are a lot more false positives).