Stop SonarCloud from spamming comments for each finding in our pull requests

We are using Azure Pipelines to integrate SonarCloud. We’ve added the prepare, analyse and publish tasks for PR builds and would like to use a quality gate for pull requests. This all seems to work fine; however, our pull requests now get spammed with comments about each and every issue that SonarCloud finds in the PR changes. Furthermore, SonarCloud creates these comments for each and every push to the PR (which triggers a build). In the project settings under pull requests, I don’t even have a provider specified. What is the way to stop SonarCloud from spamming our pull requests? Ideally, I would want SonarCloud to add 1 comment stating how many code smells etc. were found.

Hello @PaulVrugt !

Thanks for reaching out to us :wave:

I’ll attempt to reproduce the behavior you are describing to better understand what the issue might be here. In the meantime, feel free to add any extra information you think would help me observe the problems you described.

I’ll keep you posted.

Hello,

I found out that when I enable PR integration for Azure DevOps and set a bogus PAT, it stops making comments. Ideally we would like the integration to simply post 1 comment with a summary, but that only seems possible with GitHub for some reason.

This workaround works for us now, but it seems very strange that the integration posts comments on the PR without PR integration enabled.

Hello @PaulVrugt

I want to let you know I haven’t forgotten about you, so thank you very much for your patience while waiting on my reply.

I have discussed this internally with the team and, indeed, the behavior you described is a known limitation due to the current implementation. We have captured it to work on once it’s prioritized, although it’s not planned anytime soon.

In the meantime, you can continue with the workaround.

Hello! Any updates on how to disable SonarCloud from adding comments in the PR for each finding?

For me the issue here is that Sonar leaves comments for each finding regardless of whether it was on a line of code that was changed in the PR. For example, in some legacy system where you have a file with thousands of lines of code and you tweaked one line, it ends up leaving hundreds of comments completely irrelevant to the code that’s being changed. Is there any setting to make Sonar only comment on lines of code that were changed?

If I want to see all the issues, I’d go to the project in Sonar. There is no reason to report them all in a PR.

The title and tag should clarify that this is a general issue with SonarCloud and GitHub, not only Azure.

The proper solution is to check if there is an existing comment on the PR, in which case update that comment. This will limit the spam emails from SonarCloud. This is already partially done because the old comments are found and deleted. The logic needs to change to update the comment instead.

I cannot yet mention @aura, but if you catch this, could you pass this comment along and give an update on the status?