TFS Pull Request Decoration Not Working


We have recently deployed SonarQube 7.7 Developer and are having issues with the TFS Pull Request Decoration not working.

The following has been configured in SonarQube:

General Tab

  • sonar.core.serverBaseURL is set to the base url of SonarQube including the port number

Pull Request Tab

  • sonar.pullrequest.provider is set to VSTS/TFS
  • sonar.pullrequest.vsts.token.secured configured with a TFS User Token

The following has been configured in TFS:

  • A User Token ( created by a BUILTIN Admin) and has been tested with All Scopes enabled and just the Code (read and write) enabled
  • Build for project contains the Prepare Analysis Configuration and Run Code Analysis tasks and are using v4.* of the task.
  • A build policy has been setup on the master branch to use the gated build definition

When the build takes place the required keys in the Run Code Analysis log are shown to be populated (replaced some values below with X’s)

2019-04-10T12:25:09.3251334Z sonar.projectKey=XXXXXXXXXX
2019-04-10T12:25:09.3251334Z sonar.projectName=XXXXXXXXXX
2019-04-10T12:25:09.3251334Z sonar.projectVersion=1.0
2019-04-10T12:25:09.3251334Z sonar.pullrequest.key=25370
2019-04-10T12:25:09.3251334Z sonar.pullrequest.base=master
2019-04-10T12:25:09.3251334Z sonar.pullrequest.branch=sonarqube_test
2019-04-10T12:25:09.3251334Z sonar.pullrequest.provider=vsts
2019-04-10T12:25:09.3251334Z sonar.pullrequest.vsts.instanceUrl=http://XXXXXXXXXX:8080/tfs/DefaultCollection/
2019-04-10T12:25:09.3251334Z sonar.pullrequest.vsts.project=XXXXXXXXXX
2019-04-10T12:25:09.3251334Z sonar.pullrequest.vsts.repository=XXXXXXXXXX

On the SonarQube server in the ce.log file it is reporting the following:

2019.04.09 11:37:57 WARN ce[AWoBrPsJBoXXTLlhWWsC][c.s.C.C.B.C] Failed to decorate VSTS Pull Request: API resource location 225f7195-f9c7-4d14-ab28-a83f7ff77e1f is not registered on http://XXXXXXXXXX:8080/tfs/DefaultCollection/. Failed to convert a response into an exception.
2019.04.09 11:37:57 INFO ce[AWoBrPsJBoXXTLlhWWsC][o.s.c.t.CeWorkerImpl] Executed task | project=XXXXXXXXXX | type=REPORT | pullRequest=25391 | id=AWoBrPsJBoXXTLlhWWsC | submitter=admin | status=SUCCESS | time=1294ms
2019.04.09 11:40:08 INFO ce[o.s.c.t.CeWorkerImpl] Execute task | project=XXXXXXXXXX | type=REPORT | id=AWoBrwIRBoXXTLlhWWsE | submitter=admin

Also from the SonarQube server within Internet Explorer I can access the TFS instance without any issues.

Is anyone able to advise what could be wrong or that I am missing?


I am facing a similar issue with SonarQube 7.9 with the same setup on TFS.
Did you manage to fix the problem ?

Thank you.

Hi Benjamin,

We upgraded to TFS 2018.Update3.2 (16.131.28601.4) and this then worked.

Hi Jez, and thank you for your response.

I forgot to mention I was using Azure DeOps Server instead of TFS 2017.

Anyway, I managed to discover the cause of my problem. It was due to my proxy firewall which blocked the request from the SonarQube server to TFS.

If anyone is facing similar issues, try to add your TFS server host name in “http.nonProxyHosts” in your “” file.

1 Like


I have managed to run SonarQube Developer version in my local premises. I have Microsoft Team foundation server 2018 deployed on premises. How can decorate pull requests using SonarQube.

I have gone through settings in ALM Integration, but can’t find TFS there. Azure DevOps is that, Git hub is there, and GitLab is there, but I can’t find TFS.

Any place one could point me, or may be I am looking at the wrong direction…

SonarQube Version 8.3 Developer
TFS version 2018.


Hi @stringz

Since Azure DevOps is the current name/version, it’s written like this everywhere in SonarQube. But you can use it to configure your TFS instance normally, it’s still supported.


Hi Mickael,
I have configured Sonarqube with my Builds from TFS, but the results are being displayed in Sonar Qube Server and in Sonar Qube Dashboard.

What I want is the results to be displayed in Pull Requests, so that during merge, those SONARQUBE results are displayed right in TFS.

Is that a possibility in Sonarqube and TFS ? If so, how do I implement it. I have been following the following documentation of SonarQube.

I am running Sonarqube 8.3 Developer edition with Oracle at backend and trying to DECORATE PULL REQUESTS in TFS. I don’t want the results sets in SonarQube. I have got in sonarqube, but I need them in TFS Pull Requests Section.

Hi @stringz

What you will have in your Pull Request for Azure DevOps are the issues posted as comment, on which you can change the status as well as having a link to point to the issue on SonarQube.

Which version of TFS are you using ?

Here are the main steps :

  • Create a Personal Access Token on TFS with Code (Read & Write) permission
  • Create an ALM configuration on SonarQube, with that token
  • Configure your build pipeline to be triggered when a change is made on a Pull Request

And you should be good to go ! Let us know.


Hi Mickaël,

Let me try to answer to you in detail.

TFS Version being used is Version 16.131.28601.4

  • Create a Personal Access Token on TFS with Code (Read & Write) permission (DONE)
  • Create an ALM configuration on SonarQube, with that token (DONE).
  • Configure your build pipeline to be triggered when a change is made on a Pull Request (I think I have configured that, but do guide me if I might have missed it. Although I am quite sure, I have did it right.)

I am uploading some screen shots of my systems, for you to see the issue more clearly. Hope it helps for you to further guide me.

Can you check the warnings that you have on the PR dashboard on SonarQube ? You seem to have 3 of them, if PR decoration is not working, it might help to troubleshoot.


I have now 2 warning. Providing you the snapshot, and there is no indication of what I need to do.

Also, I have managed to run the Pull Request SCAN from sonar from TFS. The builds are running from TFS and Pull Requests are being pulled, but there is no errors.

I even made a buggy PR, having a security bug of Cross Site scripting, but that bug of PR didn’t catch any errors in SonarCube and it has Passed status. Please find the snapshots.

Screen shot of TFS code, having Cross Site vulnerability.

Can you please go to the administration of your project, then background tasks, then click on the wheel (very right of the row) on a line referring to a PR analysis, and click on show sonarscanner context, then copy/paste (i will send you a PM for that) the result to that PM thread ?

Thanks in advance.

Thanks Micheal for your support and detailed steps.

Sent the Back Ground TASKS details over @ PM.

Hi Michealcaro,
Any updates regarding my problem. ?


Did you manage to get code smells at least, as suggested in my last PM reply ?

No. The PRs which are analysed, are without any decorations, w.r.t security / code smells. They say, everything is OK.