We are using Azure Pipelines to integrate SonarCloud. We’ve added the prepare, analyse and publish tasks for PR builds and would like to use a quality gate for pull requests. This all seems to work fine; however, our pull requests now get spammed with comments about each and every issue that SonarCloud finds in the PR changes. Furthermore, SonarCloud creates these comments for each and every push to the PR (which triggers a build). In the project settings under pull requests, I don’t even have a provider specified. What is the way to prevent SonarCloud from spamming our pull requests? Ideally, I would want SonarCloud to add 1 comment stating how many code smells etc. were found.
Hello @PaulVrugt !
Thanks for reaching out.
I’ll attempt to reproduce the behavior you are describing to understand better what might be the issue here. In the meantime, feel free to add any extra information you consider that helps me to observe the problems you described.
I’ll keep you posted.
I found out that when I enable PR integration for Azure DevOps and set a bogus PAT, it stops making comments. Ideally we would like the integration to simply post 1 comment with a summary, but that only seems possible with GitHub for some reason.
This workaround works for us now, but it seems very strange that the integration posts comments on the PR without PR integration enabled.
I want to let you know I haven’t forgotten about you so thank you very much for your patience while waiting on my reply.
I have discussed this internally with the team and, indeed, the behavior you described is a known limitation due to the current implementation. We have captured it to work on it once it’s prioritized although it’s not planned to do it anytime soon.
In the meantime, you can continue with the workaround.
Hello! Any updates on how to disable SonarCloud from adding comments in the PR for each finding?
For me the issue here is that Sonar leaves comments for each finding regardless of whether it was on a line of code that was changed in the PR. For example, in some legacy system where you have a file with thousands of lines of code and you tweaked one line, it ends up leaving hundreds of comments completely irrelevant to the code that’s being changed. Is there any setting to make Sonar only comment on lines of code that were changed?
If I want to see all the issues I’d go to the project in Sonar. There is no reason to report them all in a PR.