SonarQube to send notification mail to the code owner as he commits the code in Gerrit. Is there a mechanism to do so, as I am using a shared setup of SQ and I am not the admin for SQ? I have integrated my SQ via the SQ CLI to Gerrit.


Hi,

Don’t understand why you want an additional notification mail when pushing code to Gerrit!?
The user is pushing his code; he already gets feedback from his IDE, git bash … whether
or not the push was successful.
I guess you need to check the notification mail features in SonarQube, see
https://yoursonarinstance/account/notifications

You didn’t mention your SonarQube version; with SonarQube 7.9.1 it looks like this:

[image: sq_notification]

“My new issues” means you’ll get notified if your commits raise issues.

SonarQube uses the git blame info, so be sure you configured a proper email address
in your git config. If git blame info is available, the issue will be assigned to the committer.
You may use the notification overall (= works for all projects you have permissions for) or per project.

Hi Gilbert, thank you for your response.

“don’t understand why you want an additional notification mail when pushing code to gerrit !?”: my concern was regarding the SQ code scan notification when we push or commit in Gerrit.

My SQ version is Version 6.7.7 (build 38951).

“My new issues means you’ll get notified if your commits raise issues.”: this means a notification will be there only if the commit raises an issue with code analysis? In case the commit and code are fine, there won’t be any notifications, right?

Also, is there any mechanism to check for the below issues in code or XML files?
Security check for sensitive data stored as plain text in XML files, e.g. a password in plain text instead of an encrypted password.

BR//
Rohit

Hi,

As 6.7.7 has been EOL for a long time already, you should update to at least 7.9.3 LTS or the latest 8.4.1,
expected soon.

Why bother users with even more mails when there are no issues!?
The SonarQube analysis typically runs as part of a build, and your build server (Jenkins …)
has several notification features you may use, i.e. send a mail after every build.

If you want immediate feedback, you’re also able to check your files before git push with a local
SonarQube scan; I recommend using the SonarLint plugin, available for all major IDEs, see https://www.sonarlint.org/

Some teams aggregate metrics from different tools for presenting on a monitoring wallboard.
See https://yoursonarinstance/web_api for the SonarQube web API docs.

Please don’t mix different postings; I answered your question about the security check in the original thread.

Gilbert

Thanks, Gilbert, for your analysis & response!