SonarQube Enterprise/BitBucket/Jenkins - Decorate PR failed

Elements:

  • SonarQube Enterprise:8.3
  • Bitbucket Server/Enterprise:7.1
  • Jenkins Server

Goal

  • Implement PR based SonarQube analysis with PR decoration
  • Bitbucket PR -> via webhook -> Jenkins -> SQ
  • Jenkins invokes the analysis successfully to SQ (I see the results in SQ)
  • No comments/Decorations in the PR

What I have done

Jenkins Config

${scannerHome}/bin/sonar-scanner -Dsonar.host.url=https://sonarqube.domain.com
Dsonar.bitbucket.branchName=${PR_BRANCH}
Dsonar.bitbucket.branchName=${PR_BRANCH} 
Dsonar.pullrequest.branch=${PR_BRANCH}
Dsonar.pullrequest.key=${pr_id} 
Dsonar.pullrequest.base=${TARGET_BRANCH}"

sonar-project.properties File

sonar.projectKey=Infosec-agate-AgencySettings-test
sonar.projectName=InfoSecagate-AgencySettings-test

sonar.sources=src
sonar.sourceEncoding=UTF-8
sonar.exclusions=*/_tests/,*/tests_//,*/vendor//,*/build/,*/build//,*/Tests/,*/Tests//,*/JsTests/,*/JsTests//,*/node_modules//,*/cypress//,*/cypress/

sonar.tests=src
sonar.test.inclusions=*/Tests//,*/JsTests//,*.spec.js

sonar.php.coverage.reportPaths=build/php/coverage-clover.xml
sonar.javascript.lcov.reportPaths=build/js/coverage/lcov.info

I have been reading the documents (SonarQube) and general Internet, I don’t know where else to look to troubleshoot and if I am missing additional runtime parameters

Hi @cjbischoff,

It looks like you might have missed that we have specific support for Jenkins to auto-detect the PR context and set the scanner parameters for you. It depends upon usage of the Bitbucket Branch Source plugin on the Jenkins side, as the link mentions.

Also note that in SonarQube 8.4, there’s been additional improvement to help automate the setup of Bitbucket-based projects to ensure everything is correct. Since you haven’t gotten this working yet, you might consider upgrading to 8.4.1 and then trying this using the new project wizard.

@Jeff_Zapotoczny I reviewed this https://docs.sonarqube.org/8.3/analysis/jenkins/ and I don’t see any mention of Bitbucket Branch Source plugin only SonarScanner for Jenkins

To confirm you are speaking to about the SonarScanner for Jenkins plugin?

I meant what I said. In the 3rd paragraph on the page:

Depending on your ALM provided, you’ll need the BitBucket, GitHub, or GitLab Branch Source plugin.

I was under the impression SQ/Enterprise/8.3 supported native PR decoration

It does. But the configuration of that decoration is made easier on the Jenkins side if you use a combination of a standard branch source plugin for your particular ALM in conjunction with our plugin.

To confirm - I am using/have deployed the Jenkins Plugin for SonarQube - https://plugins.jenkins.io/sonar/, but I am using a Pipeline script

Thanks for confirming; what I am trying to make clear is that if you additionally use the Bitbucket Branch Source plugin and define a multibranch pipeline, the configuration of branch/PR parameters will be done automatically for you.

@Jeff_Zapotoczny

With that approach (multibranch pipeline) we are completely dependent on Jenkinsfile to identify branches and PRs whereas currently we have the flexibility to scan any repo using generic webhook on jenkins for invoking SQ builds