SonarQube Pull Request Decoration with BitBucket

Hi Joe
I have another branch named develop_us apart from original one i.e develop having same code.
develop_us branch got scanned and got its report in bitbucket. but those PR changes yet not approved.

Can you please give me clarity before sonar-scanner scan it how report got reflected in bitbucket



@ashishb : nice! Bitbucket PR decoration is working now! Right now, it shows 0 issues and security hotspots. Do you have any actual bugs/issues you want to test with? Jenkinsfile is Groovy, so you won’t see any scanning done there. Do you have a Java file you can add an intentional bug just to test things?

You can add this method and it should trigger a java:S106 code smell:

  void sayHello() {
    System.out.println("Hello World!");
  }

Then scan your pull request again to see the issue and SonarQube annotation showing that code smell issue in your PR in Bitbucket.

Your SonarQube screenshot shows the “develop_us” branch, but your Bitbucket PR is showing the “Ashish-Battise/jenkinsfile-edite…” PR branch, so SonarQube is automatically scanning your PR now.

You can change to the PR branch in SonarQube by clicking on the drop-down and finding your PR branch:

Hi Joe
I can see Bitbucket Decoration for few PR request, for rest it does not reflect.
Any reason for such behavior.

Let’s see an example of when it fails:

  1. Set DEBUG level for the sonar-scanner command (add sonar.verbose=true or -X)
  2. Set DEBUG level on SonarQube (log in as admin, go to Administration > System > Logs level > change it to DEBUG)
  3. Trigger a PR build
  4. Once complete, revert to INFO level on SonarQube (log in as admin, go to Administration > System > Logs level > change it to INFO).
  5. On this same screen, click on Download Logs and select all 5 log files to download them
  6. Download your console output logs from your CI tool
  7. Zip the SonarQube server logs and the build/scanner/CI log together
  8. Attach it here.
  9. If you prefer a private message, we can do that too. Just let me know.

These logs (from the client side and server side) will help us look at what could be causing the issue.

Hi Joe

Sonarqube data is not reflecting in report in bitbucket for any of PR

Do you have actual issues in your pull request? Please add some dummy bugs to check and see if an issue is triggered.

As mentioned in my previous post, please provide the following info. Let’s see an example of when it fails:

  1. Set DEBUG level for the sonar-scanner command (add sonar.verbose=true or -X)
  2. Set DEBUG level on SonarQube (log in as admin, go to Administration > System > Logs level > change it to DEBUG)
  3. Trigger a PR build
  4. Once complete, revert to INFO level on SonarQube (log in as admin, go to Administration > System > Logs level > change it to INFO).
  5. On this same screen, click on Download Logs and select all 5 log files to download them
  6. Download your console output logs from your CI tool
  7. Zip the SonarQube server logs and the build/scanner/CI log together
  8. Attach it here.
  9. If you prefer a private message, we can do that too. Just let me know.

Hi Joe
sorry for no response for long
I’m looking it should show Code Coverage and rest of thing, any particular reason we are just looking for Bugs to get added to verify

Now you are on a new topic about code coverage :smile:

Please do as I said in my last post:

  1. Set DEBUG level for the sonar-scanner command (add sonar.verbose=true or -X)
  2. Set DEBUG level on SonarQube (log in as admin, go to Administration > System > Logs level > change it to DEBUG)
  3. Trigger a PR build
  4. Once complete, revert to INFO level on SonarQube (log in as admin, go to Administration > System > Logs level > change it to INFO).
  5. On this same screen, click on Download Logs and select all 5 log files to download them
  6. Download your console output logs from your CI tool
  7. Zip the SonarQube server logs and the build/scanner/CI log together
  8. Attach it here.
  9. If you prefer a private message, we can do that too. Just let me know.