Hi,
I am using SonarQube 9.0 developer version (local/In-house setup). And I need to run analysis on GitHub (Cloud) → Pull Request.
Is this possible that i can see all GitHub PR and scan inside SonarQube - Local ? Not other way (there are some heavy dependency on code which we can’t move along source code). My Sonar local setup does not support HTTPS. Does it support only HTTPS ?
Why do we need to build source code, is it not Static code analysis ?
So far i able to run analysis on particular branch, but no luck on GitHub-> Pull Request. I don’t know how/where to configure below tags:
sonar.pullrequest.key
sonar.pullrequest.branch
sonar.pullrequest.base
Yes, GitHub.com is supported for PR analysis & decoration. The docs may help.
Fair question. It is static analysis. And building is only required for some language and the reason for the requirement varies by language:
Java - analysis uses/reads both the .java files and the compiled .class files
C, C++, Objective-C, C# - analysis eavesdrops on the build to gather the configuration information needed for a full/correct analysis. We’ve built this mechanism because fully/correctly configuring projects in these languages manually is prohibitively difficult.
Thanks for reply. I have configured GitHub ALM setting using authentication App but still not able to login in SonarQube with GitHub option.
I have added below settings in GitHub->Settings->Developer settings->GitHub Apps->General->Identifying and authorizing users field:
Homepage URL: created public server name in SonarQube “https://sonarqube.xyz.com/sonar”
Callback URL: my local SonarQube instance 11.226.18.13:9000
Still not able to connect GitHub, logs says “troubleshooting-authorization-request-errors”. Am i missing anything here ?