Suggested workflow with Jenkins driving SonarQube to solve bugs

Must-share information (formatted with Markdown):

  • which versions are you using : SonarQube 7.9 (build 26994)
  • what are you trying to achieve: I have some bugs detected by the SonarQube scanner
  • what have you tried so far to achieve this: Started to analyze them :slight_smile:

Hi all. I have set up SonarQube to be run via Jenkins on any branch I choose.
I have seen that the master branch of a certain C-based project has 10 bugs detected. But what is the suggested workflow for me and my developers?

First I like to make a git bugfix branch for one of the bugs e.g. bugfix/fix-bug1
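I can then also run my Jenkins job for the bugfix/fix-bug1 branch where I set up the Jenkins job to use

# Strip the remote prefix (e.g. "origin/") from the branch name Jenkins provides
BRANCH=$(echo "${GIT_BRANCH}" | cut -d / -f 2-)
echo "Scanning for ${BRANCH}"
# Pass the branch name to the scanner (branch analysis parameter)
sonar-scanner -Dsonar.branch.name="${BRANCH}" …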

I added a simple fix for one of the bugs and put that on the workbranch bugfix/fix-bug1.

This works nicely but SonarQube just shows that the new branch bugfix/fix-bug1 has no new bugs.
I expected and hoped that I could verify that bugfix/fix-bug1 REMOVED a bug relative to master. That is not shown/indicated in any way.

I then tried to merge the fix and I find - as expected - that my error count goes from 10 to 9. Good!

But I badly need/like that sonar-scanner can show the error count per branch - so I can verify fixes before merging to master.

Am I missing something?


You’re not missing anything. We haven’t gotten there yet:

MMF-1474 - Show the number of issues fixed by Short-lived branches and PRs


Thanx a lot @ganncamp - you are most welcome to place a +1/thumbs up in that ticket (even link to this one).

So for now we have to merge the fix to master - then run the scanner and “hope” that we fixed the problem - and re-iterate until the fix works?


SonarLint should be able to help here. Since it raises issues in-IDE, you just need to keep coding until the red squigglies go away.



he he - does it work in Emacs too :slight_smile:


@ganncamp as a workaround I can (for now) misuse the long-lived branch names in SonarQube where you apparently do compute the same bug number as for master

Just be aware that you’ll have to handle the cleanup (i.e. eventual deletion) on those branches manually.


Can someone from SonarQube check whether
is in a released developer version of SonarQube?

@peter.toft, it’s in 8.1.

I can report that SonarQube 8.1 (with the fix) indeed solves the problem I raised. Thanx @ganncamp for helping
