SonarQube Bitbucket Enterprise PR Decoration

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube EE 8.9

  • what are you trying to achieve
    Decorate Pull Requests on Bitbucket server

  • what have you tried so far to achieve this
    SonarQube is configured and the PR config is set on the project as well as the Code Insights.

Our workflow is quite simple… Feature branches --PR–> Develop branch --PR–> Main branch

We don’t care about the feature branch PRs, since we only keep develop and main branch in sonarQube. Also we store the code in Bitbucket server but we build and run sonar scanner in Gitlab, not Bamboo.

We run the develop branch and get the analysis, however after creating a PR this is not decorated and shows the following message:

Report with key ‘com.sonarsource.sonarqube’ has not yet been created

We don’t run PR builds, only after the PR is merged do we run the Main branch build.

My question, is does the SonarQube integration require a new PR build? Is there a way to configure it to take the develop branch results and apply it for compliance of Quality Gate?

Hey there.

Pull Request Analysis and PR Decoration will require that a PR build occurs that includes SonarQUbe analysis.

Thank you Colin, in that case we will have to add an extra build step for all PR in our workflow.

Not what I was expecting, since this will slow us down significantly to merge PRs, usually we only merge to master/main when there is a release to be done, but if there is no other way, we will have to slow down the Merge process and wait for the sonar results.

Hi again Colin,

After creating an additional step we have the sonarqube PR result, however we are facing the following message

Failed to create Bitbucket Server Quality Report for commit SHA '039977aa1615999470a2ebbfcbe1f245fae5492e’

We are on

  • Enterprise Edition
  • Version 8.9.1 (build 44547)

In other words the PR scan data is on sonarqube instance but the PR is still not decorated.

Any idea why this would be the case? Thanks.

Found the problem with this… the scanner was picking up the gitlab SHA instead of the project SHA. after setting

sonar.scm.revision to the package SHA it worked :wink:

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.