SonarQube doesn't leave comments in Gitlab MR decorations

hypercolored · March 26, 2025, 12:16pm

Must-share information (formatted with Markdown):

which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension): 10.8 (Enterprise)
how is SonarQube deployed: zip
what are you trying to achieve: see below
what have you tried so far to achieve this: see below

Hello!

I’ve integrated some of my SonarQube projects with Gitlab in order to get my merge requests decorated. What I see is that besides QG status and very small amount of info there are no useful information about what’s wrong or not with my code.
Here’s how my job looks like:

sonarqube_check_merge_request:
  stage: sonarqube
  image: "$GRADLE_IMAGE"
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    PROXY_EXCLUDE: "something, something"
    GIT_FETCH_EXTRA_FLAGS: --depth=10000
  cache:
    - key: gradle
      paths:
        - build/libs/*.jar
    - key: "${CI_JOB_NAME}"
      paths:
        - .sonar/cache
  script:
    - "gradle 
      -Dhttp.nonProxyHosts=${PROXY_EXCLUDE} 
      -Dhttps.nonProxyHosts=${PROXY_EXCLUDE} sonarqube
      -Dsonar.host.url=${SONAR_HOST_URL}
      -Dsonar.login=${SONAR_LOGIN}
      -Dsonar.projectName=${CI_PROJECT_PATH}
      -Dsonar.projectKey=${CI_PROJECT_NAME}
      -Dsonar.pullrequest.key=${CI_MERGE_REQUEST_IID}
      -Dsonar.pullrequest.branch=${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}
      -Dsonar.pullrequest.base=${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}
      -Dsonar.qualitygate.wait=true
      -Dsonar.java.binaries=build/libs/*.jar
      -Dsonar.exclusions=**/*.sql"

Now, when the merge request pipeline finishes, I see the following report in Activities (and nothing else at all):

screenshot

What I expect is that Sonar must create at lease one more comment which will explain what exactly is wrong with the code. Can’t figure out why it doesn’t do that, I used to see that on another, older installation at my previous workplace.
I’m trying to solve the problem of developers needing to visit SonarQube web interface each time the get negative score from QG checks. It would be really handy if they just could look in the comments.

Did something change? Did I misconfigure something?

Colin · March 27, 2025, 9:35am

Hey there.

What you see is the result of MR decoration. Currently, SonarQube does not leave individual comments for issues – it only leaves the summary comment.

Topic		Replies	Views
Sonarqube decoration not working on Gitlab SonarQube Server / Community Build	26	981	November 27, 2023
GitLab merge request integration SonarQube Server / Community Build sonarqube , gitlab , pull-request	5	11195	July 21, 2020
Gitlab MRs sonarqube comment SonarQube Server / Community Build sonarqube , gitlab , pipeline	3	672	April 4, 2023
Gitlab merge request decorator SonarQube Server / Community Build	6	1057	June 10, 2022
Gitlab merge request decoration SonarQube Server / Community Build sonarqube , gitlab , pull-request-decorat	3	24	March 21, 2025

SonarQube doesn't leave comments in Gitlab MR decorations

Related topics