Sonarqube + Bitbucket Cloud + Pull request decoration

SonarQube
1

Hi, I am working to enable pull request decoration. I am having Sonarqube Developer EditionVersion 8.9 (build 43852) and my project repo is in Bitbucket Cloud. The scanning is planned to trigger by Jenkins instead of using Bitbucket pipeline.

So far what i had done are,

  1. Follow “Adding Pull Request decoration to Bitbucket Cloud” in Bitbucket Cloud Integration | SonarQube Docs

  2. Run below command to scan (want to try call command manually before go for Jenkins plugin)
    dotnet sonarscanner begin /k:“myproject” /d:sonar.login=“xxxxxxxx” /d:sonar.host.url=“http://localhost:9000” /d:sonar.pullrequest.branch=“mypullrequest” /d:sonar.pullrequest.base=master /d:sonar.pullrequest.key=1

    dotnet build

    dotnet sonarscanner end /d:sonar.login=“xxxxxxx”

The scan run successfully and found security hotspots. But I didn’t see comment added in my pull request. It has SonarQube in the report section,
image

When clicked, it show below.

image
image1189×455 17.3 KB

Is this feature of pull request decoration supposed to? It looks different from this video Atlassian Bitbucket Pull Request/Branch Decoration with SonarQube - YouTube

Can i get some detail guides to setup pull request decoration?

3

Hello @kevin.wong,

Your Bitbucket cloud PR decoration integration is correct.
The reason why you don’t have more decoration than what you see is that you only have Security Hotspots (that do not require a code change but a review). If your PR has any Bugs, Vulnerabilities or Code Smells, then there is a bit more decoration with:

PS: The video you’re referring to is about BitBucket Server PR decoration which is a completely different product and where the capabilities compared to BitBucket Cloud may diverge at some point (BitBucket cloud is more likely to provide richer features in the long term. Atlassian announced recently the would no longer sell BitBucket Server to new customers, so one can expect the development will slow down).

1 Like