SonarQube integration with Gitlab

Hi Team,

We are using the SonarQube 8.4.1 Developer Edition. Now we have integrated it with the Jenkins build. We are able to see the defects and bugs in SonarQube. Now we are trying to integrate SonarQube with Gitlab, so that developers can see the bugs in Gitlab and fix them. We noticed that there is no Gitlab plugin in the SonarQube marketplace, and we have downloaded the plugin from the URL
https://github.com/gabrie-allaigre/sonar-gitlab-plugin#plugins-properties and when we try to build the Jenkins job we got the below error.

ERROR: Error during SonarScanner execution
10:13:10 org.picocontainer.injectors.AbstractInjector$UnsatisfiableDependenciesException: com.talanlabs.sonar.plugins.gitlab.CommitPublishPostJob has unsatisfied dependency ‘class com.talanlabs.sonar.plugins.gitlab.ReporterBuilder’ for constructor ‘public com.talanlabs.sonar.plugins.gitlab.CommitPublishPostJob(com.talanlabs.sonar.plugins.gitlab.GitLabPluginConfiguration,com.talanlabs.sonar.plugins.gitlab.SonarFacade,com.talanlabs.sonar.plugins.gitlab.CommitFacade,com.talanlabs.sonar.plugins.gitlab.ReporterBuilder)’ from org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer@3caa4757:285<[Immutable]:org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer

Could you please help with this? And let me know if any configuration is missing in the steps.

Regards,
Nagaraj

Hi @nagaraj.koppa,

Since the 8.0 release of SonarQube (we are now at 8.4), we have been working on the integration with Gitlab.

On 8.4 Developer Edition, you should be able to onboard projects from Gitlab to SonarQube, decorate Merge Requests and even block the merge if the SonarQube Quality Gate is failed. You don’t need any additional plugin like before to do all of these actions.

Let us know if you need help after having followed the documentation steps.

Carine

PS: the plugin you mentioned is not compatible with SonarQube 7.6+

Hi Carine,

We are using Jenkins for the CI/CD pipeline and Gitlab for source control.
Could you please help me? We need to get the SonarQube results in Gitlab.

Regards,
Nagaraj

Did you follow the docs I’ve sent? https://docs.sonarqube.org/latest/analysis/pr-decoration/

If yes, where is the error on your side? What did you try to achieve and couldn’t make work?

Thanks,
Carine

Hi Carine,

Yes, I have followed the below steps:

GitLab Self-Managed and Gitlab.com

Setting your global settings

To set your global settings in SonarQube, navigate to Administration > Configuration > General Settings > ALM Integrations and select the GitLab tab.

And I have created the Pull request in the Gitlab and in Jenkins I clicked on ‘scan the multibranch pipeline’

I saw the Merge branch in the Jenkins Job

I got the below error for the Merge request branch Job.

ERROR: Couldn’t find any revision to build. Verify the repository and branch configuration for this job. ERROR: Maximum checkout retry attempts reached, aborting

Regards,
Nagaraj

Hi Carine,

Could you please provide me an update?

Regards,
Nagaraj

Hi Nagaraj,

The error you reported most recently is unrelated to MR analysis and decoration.

It looks like the CI is unable to check out and build your code. That’s a necessary prerequisite for MR analysis and decoration, but not in the same scope. We’re not going to be able to help you with the part of your pipeline that checks out and builds your code.

 
🤷‍♀️
Ann

Hi Ann,

We would like to have an automated way of raising issues in Jira or GitLab for defects or vulnerabilities found by the SonarQube scanner.

Can we implement this feature? Could you please help me with this?

Hi,

Many, many years ago, we went down that path. After not too long, we decided it was a bad idea and ripped out the integration points. Why? Well, not every issue that’s raised needs to be fixed. Not every issue that’s raised deserves its own individual ticket (some can be fixed en masse). A misconfiguration could cause an analysis to raise hundreds of new issues (flooding Jira) that are then automatically closed when the configuration is corrected (but probably not being closed in Jira).

In short, if you want to write an external system to pull issues from SonarQube and create tickets, I guess you can use the web services to pull the data you need. But we advise against it.

 
Ann
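
For readers who still build the external sync described in the last reply, the sketch below is an added example (not code from SonarSource or from anyone in this thread). It takes a response shaped like SonarQube's `api/issues/search` web service output and plans one ticket per rule instead of one per issue, refusing to proceed when a single run would open too many tickets. The sample response, the `plan_tickets` helper, the grouping policy and the `MAX_NEW_TICKETS` cap are all assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample shaped like an api/issues/search response (not real data).
SAMPLE_RESPONSE = json.loads("""
{"total": 5, "issues": [
  {"key": "AX-1", "rule": "java:S2068", "type": "VULNERABILITY",
   "status": "OPEN", "component": "demo:src/Db.java", "line": 12},
  {"key": "AX-2", "rule": "java:S2068", "type": "VULNERABILITY",
   "status": "OPEN", "component": "demo:src/Cfg.java", "line": 40},
  {"key": "AX-3", "rule": "java:S2259", "type": "BUG",
   "status": "CONFIRMED", "component": "demo:src/Svc.java", "line": 7},
  {"key": "AX-4", "rule": "java:S1135", "type": "CODE_SMELL",
   "status": "OPEN", "component": "demo:src/Svc.java", "line": 9},
  {"key": "AX-5", "rule": "java:S2259", "type": "BUG",
   "status": "CLOSED", "component": "demo:src/Old.java", "line": 3}
]}
""")

TICKET_TYPES = {"BUG", "VULNERABILITY"}           # code smells never get a ticket
OPEN_STATUSES = {"OPEN", "CONFIRMED", "REOPENED"}
MAX_NEW_TICKETS = 3  # assumed flood guard: more than this needs a human look


def plan_tickets(response, already_ticketed=frozenset(), max_new=MAX_NEW_TICKETS):
    """Return one ticket candidate per rule for open bugs and vulnerabilities."""
    groups = defaultdict(list)
    for issue in response["issues"]:
        if issue["type"] not in TICKET_TYPES:
            continue
        if issue["status"] not in OPEN_STATUSES:
            continue
        if issue["key"] in already_ticketed:      # avoid duplicates on re-runs
            continue
        groups[issue["rule"]].append(issue)
    if len(groups) > max_new:
        # A sudden burst usually means a changed analysis configuration,
        # so stop instead of flooding the tracker.
        raise RuntimeError(f"{len(groups)} new tickets exceeds cap of {max_new}")
    return [
        {"rule": rule,
         "issue_keys": sorted(i["key"] for i in items),
         "locations": sorted(f'{i["component"]}:{i["line"]}' for i in items)}
        for rule, items in sorted(groups.items())
    ]
```

The caller is expected to persist the issue keys it has already ticketed and pass them as `already_ticketed`; closing tickets when SonarQube closes the underlying issues is not handled here.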