SonarCloud not annotating PRs

  • Azure DevOps
  • C#

I started analyzing a new project and everything seems to be working fine and I can see the results in SonarCloud, however the PR is not being annotated. The Status Check is enabled as required on the branch policies and the quality gate is reporting a failure on SC (as expected) but the PR can still be integrated.

Here’s the yaml to prepare the analysis

- task: SonarCloudPrepare@1
  displayName: 'Prepare analysis on SonarCloud'
  condition: eq('${{ parameters.RunSonarCloudScan }}', true)
  inputs:
    SonarCloud: SonarCloud
    organization: '$(SonarCloudOrganizationKey)'
    projectKey: '$(SonarCloudProjectKey)'
    projectName: '$(SonarCloudProjectName)'
    extraProperties: |
      sonar.exclusions=**/obj/**,**/*.dll,**/*.exe,**/*.sql
      sonar.cs.opencover.reportsPaths=$(Agent.TempDirectory)/**/coverage.opencover.xml
      sonar.cs.vstest.reportsPaths=$(Agent.TempDirectory)/**/*.trx
      sonar.projectVersion=1.$(Build.BuildNumber)
      sonar.pullrequest.provider=vsts
      sonar.pullrequest.vsts.token.secured=**************

Hey there.

  1. To start, neither of these should be provided as analysis parameters.
  2. Have you made sure that Pull Request Analysis is actually being run (do you see the results for a specific pull request in SonarCloud?)
  3. Have you provided a valid token either at the organization level (Administration > Organization Settings) or at the project-level (Administration > General Settings > Pull Requests)?

Thank you, this worked. Just one last follow up question

Is there a way to configure the provider and the token through the pipeline?

We’re trying to make development teams as independent as possible and they don’t all have access to SonarCloud, even though we still need someone to create the Projects for the teams, the more work is distributed across teams the better it is for us. We were hoping that someone just needs to go into SonarCloud to create the project and set the main branch.

There is not. But if you have a token defined at the organization level, it doesn’t need to be set per-project.

Thanks, that’s what I ended up doing.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.