I am using Sonar enterprise version 8.7. Soon to upgrade to 8.9, and I have a question that has frustrated me for a while now,
Is it possible to somehow get analysis reports for a specific commit? I’ve been able to configure branch analysis but there seems to be a further requirement to drill further and get reports for each commit.
The reason is this, if there are two people committing, and one commit has issues while the other doesn’t have any issues; if the one with issues runs first followed by the one without issues, the report won’t show any issues when looked at.
So basically, even with branch analysis, is it possible to somehow drill further down and get reports for actual commits?
I’d suggest reframing the question. If you’re doing branch analysis and one analysis’ results is immediately clearing out the results from the previous analysis, it doesn’t sound like your New Code period is set correctly. I’d expect after 2 back-to-back analysis runs that issues stemming from both commits would be displayed unless one of the commits caused your New Code period to reset (e.g. you released a new version and versioning is the basis of your New Code definition).
I’d revisit this documentation topic and inspect your New Code settings and see if you can identify a meaningful change to make here. If not please come back with details of how you have New Code and the analysis set up for the branch.
Thanks a lot for your response and apologies for not phrasing my question properly.
I know SonarQube performs branch analysis, as I have this setup already.
What I’m wondering is whether it’s possible to get analysis reports per commit and not just per branch.
This way I can tell what particular commit might have introduced a vulnerability or issue.
I’ll have a look at the NewCode documentation to see if anything jumps out at me.
But do you know if reports per commit is a thing and how I can get these reports saved/exported per build?
You don’t need a separate report per commit in order to tell which commit caused an issue. Simply drill in to see the issue in the context of the code and the commit info will be in the margin of the code browser.
Thanks a lot.
My issue is that I’m dealing with a slightly unyielding finance sector client.
In our setup; a scan/analysis is performed each time there is a commit to the code base and the client would like a report generated for each scan. Something they can access by just clicking a link.
Is this even possible at all?
I know it was possible in older versions of SonarQube with HTML reports but this doesn’t seem to exist anymore.
I just need to know if it’s possible and if there’s any documentation on it, as I’m at my wit’s ends now.
Also, apologies if this sounds dumb, but what do you mean by
Simply drill in to see the issue in the context of the code and the commit info will be in the margin of the code browser
I’m looking at my SonarQube server under the Project and Branch in question and I don’t see any commit information anywhere.
I confirm that nothing like instant HTML reports or “preview mode” results are available anymore. All analyses are finalized asynchronously on the SonarQube server.
If you truly need to see the dashboard frozen for an individual commit, the only option I can really think of is to enforce 1 commit per branch. Consider using pull requests for each individual change and the dashboard for the PR would be exactly what you’re asking for.
When you click on any issue metric (bugs, vulnerabilities, code smells) you’ll be taken in to the Issues tab of the project to see the issues displayed. If you click on the individual issue, you’ll then see it displayed in the context of its code. Now the commit info is over on the side.
