Sonarqube in Azure pipeline rescans C++ pull request code as though it is the first analysis of repo

  • Which versions are you using:
    Sonarqube server Enterprise Edition v2025.1 (102418)
    Azure Devops in the cloud, with pipeline agents on local machines
    BitBucket Cloud for code repos
  • how is SonarQube deployed:
    Zip on local agent machine
  • what are you trying to achieve:
    Integrate Sonarqube into CI/CD pipeline
  • what have you tried so far to achieve this
    Set up pipeline and followed guides online to try to get things working.
    Manually ran analysis on branch code is being merged into

So I managed to integrate Sonarqube into our pipeline so far, but running it is taking an hour and a half every time, even for pull requests that are only changing single files.
It took me a number of tries to even get sonarqube to recognize pull requests.
Other people in the company who are using C# and using the .net scanner instead of the cli scanner don’t seem to be having this problem, but the project I am working on is using VSBuild to build C++.

Here are the relevant sections of the azure pipeline:

The checkout options:

      # Checkout the repository
      - checkout: self
        fetchDepth: 0
        submodules: true

SonarQube Prepare options:

      # analyze with sonarqube
      - task: SonarQubePrepare@7
        inputs:
          SonarQube: 'SonarQube integration'
          scannerMode: 'cli'
          configMode: 'manual'
          cliProjectKey: $(SonarQubeKey)
          cliProjectName: projectName
          cliSources: '.'
          ${{ if eq( variables['Build.Reason'], 'PullRequest' ) }}: 
            extraProperties: |
              sonar.pullrequest.key=$(System.PullRequest.PullRequestId)
              sonar.pullrequest.branch=$(System.PullRequest.SourceBranch)
              sonar.pullrequest.base=$(System.PullRequest.TargetBranchName)
          ${{ else }}: 
            extraProperties: sonar.branch.name=$(Build.SourceBranchName)

Analyze and publish:

      - task: SonarQubeAnalyze@7
        inputs:
          jdkversion: 'JAVA_HOME'

      - task: SonarQubePublish@7
        inputs:
          pollingTimeoutSec: '1000'

Hey there!

First things first, you shouldn’t need any of these.

These are all automatically set by the Extension for Azure DevOps (here’s the code, you can see it’s based on the same env variables you’re using).

If that’s not what’s happening, I wonder what else could be going wrong. Are there any warnings in the analysis logs about the detection of changed files/lines?

Keep in mind that incremental analysis only does so much, and there are certain conditions for it working (like having a recent analysis of the target branch). You can read more here.

There is also some additional configuration you can add, such as experimental incremental symbolic execution and adjusting how many threads are used for analysis.

Huh, I could have sworn when I initially set it up it kept complaining that it couldn’t get the branch info from Bitbucket, but I did some experimentation over the last few days with removing the parameters passed in, and it just started to work after I removed all the extra properties. Maybe I was passing in the parameters wrong somehow?

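The pipeline sections from the first post with the manual `extraProperties` removed, which is the state the last post reports as working. This is an added example, not the poster's actual file: the task inputs are copied from the thread, while the enclosing `steps:` key and the placement of the build step are assumptions.

```yaml
steps:
  # Full-history checkout, unchanged from the original post
  - checkout: self
    fetchDepth: 0
    submodules: true

  # No extraProperties block: the sonar.pullrequest.* and sonar.branch.name
  # values that were passed by hand are left to the Azure DevOps extension,
  # which the reply says sets them automatically from the same pipeline
  # variables (System.PullRequest.*, Build.SourceBranchName).
  - task: SonarQubePrepare@7
    inputs:
      SonarQube: 'SonarQube integration'
      scannerMode: 'cli'
      configMode: 'manual'
      cliProjectKey: $(SonarQubeKey)
      cliProjectName: projectName
      cliSources: '.'

  # The C++ build steps (VSBuild, per the first post) sit between Prepare
  # and Analyze; they are not shown in the thread, so they are omitted here.

  - task: SonarQubeAnalyze@7
    inputs:
      jdkversion: 'JAVA_HOME'

  - task: SonarQubePublish@7
    inputs:
      pollingTimeoutSec: '1000'
```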