Sonarqube + Bitbucket Cloud + Pull request decoration

kevin.wong · May 7, 2021, 11:15am

Hi, I am working to enable pull request decoration. I am having Sonarqube Developer EditionVersion 8.9 (build 43852) and my project repo is in Bitbucket Cloud. The scanning is planned to trigger by Jenkins instead of using Bitbucket pipeline.

So far what i had done are,

Follow “Adding Pull Request decoration to Bitbucket Cloud” in Bitbucket Cloud Integration | SonarQube Docs
Run below command to scan (want to try call command manually before go for Jenkins plugin)
dotnet sonarscanner begin /k:“myproject” /d:sonar.login=“xxxxxxxx” /d:sonar.host.url=“http://localhost:9000” /d:sonar.pullrequest.branch=“mypullrequest” /d:sonar.pullrequest.base=master /d:sonar.pullrequest.key=1

dotnet build

dotnet sonarscanner end /d:sonar.login=“xxxxxxx”

The scan run successfully and found security hotspots. But I didn’t see comment added in my pull request. It has SonarQube in the report section,

When clicked, it show below.

Is this feature of pull request decoration supposed to? It looks different from this video Atlassian Bitbucket Pull Request/Branch Decoration with SonarQube - YouTube

Can i get some detail guides to setup pull request decoration?

OlivierK · May 7, 2021, 3:47pm

Hello @kevin.wong,

Your Bitbucket cloud PR decoration integration is correct.
The reason why you don’t have more decoration than what you see is that you only have Security Hotspots (that do not require a code change but a review). If your PR has any Bugs, Vulnerabilities or Code Smells, then there is a bit more decoration with:

A list of issues like below:

image1925×1164 147 KB
If you click on the file of a given issue, some inline comment where the problem is, like below:

image2213×1399 274 KB

PS: The video you’re referring to is about BitBucket Server PR decoration which is a completely different product and where the capabilities compared to BitBucket Cloud may diverge at some point (BitBucket cloud is more likely to provide richer features in the long term. Atlassian announced recently the would no longer sell BitBucket Server to new customers, so one can expect the development will slow down).