Trying to setup merge request decoration

Hi all,
I’m trying to setup sonarqube to use merge request decoration with gitlab.

I’m using the following versions:
Jenkins 2.263.1
GitLab Enterprise Edition 13.3.1-ee
sonarqube:8.8-developer (evaluation license)

I’m using Jenknins pipeline with `withSonarQubeEnv - and the scan for the branches works

  • I define my GitLab URL :
  • I setup access token with api scope permission
  • Merge Request Decoration & Import repositories from your ALM are displayed as enabled.

below is my pipeline .

def runGradle(cmd) {
    echo "Executing Gradle command: $cmd"
    withCredentials([usernamePassword(credentialsId: MAVEN_PRIVATE_REPOSITORY_CREDS_ID, usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
        withSonarQubeEnv(SONARQUBE_SERVER_NAME) {
            sh """./gradlew${JAVA_HOME} -Dorg.gradle.internal.publish.checksums.insecure=true \
               -Pversion=${BUILD_VERSION}-SNAPSHOT \
               -Pcore_infra_version=${CORE_INFRA_VERSION}-SNAPSHOT \
               -Pmaven_public_repository_url=$MAVEN_PUBLIC_REPOSITORY_URL \
               -Pmaven_private_repository_url=$MAVEN_PRIVATE_REPOSITORY_URL \
               -Pmaven_private_repository_username=""" + '$USERNAME' + """ \
               -Pmaven_private_repository_password=""" + '$PASSWORD' + """ \
               --refresh-dependencies $cmd

Hello @aviram ,

Welcome to SonarSource community, :wave:, we hope you’ll enjoy it.

You’re telling us what you want and what you’ve done but nothing about what does not work. It’s difficult to help you then.

  • Have you installed the GitLab branch source plugin in Jenkins ?
  • What in this pipeline would execute the SonarQube scanner ? I see nothing that would hint at this…
  • Do you see the PR in SonarQube ?
  • Can you send the full log of your Jenkins pipeline (as attachment please, not inline…)
  • Feel free to make screenshots if that explains what does not work.


1 Like


  1. yes I have the plugin installed
    2+3. it does run when doing a merge request and I see it in the sonarqube - forgot to add the MR-* branch. but I dont see a comment in gitlab.

I created an access token for my user adn configured the alm integration as attached.

Do I miss a webhook between the gitlab and sonarqube?

access token premissions:

alm integrations

Hello @aviram,

No webhook is needed between GitLab and SonarQube. There should be a webhook between GitLab and Jenkins to trigger the execution of the Jenkins pipeline when code is pushed in GitLab.
This webhook is in place since you see the the MR in SonarQube. The last part, decorating the MR, does not work probably because you have not setup your project settings (Project Id), as per the below.

If you did that already, and it still does not work, can you provide a screenshot of your MR in SonarQube and if there is a warning in the top right corner, a screenshot of the warning.


Thank you very much Oliver,

I forgot to do this in the branch I tested. :laughing:

I have one last issue.

I use docker-compose to run postgres and sonarqube with the default port of 9000.
I don’t see the icons in the sonarqube comment that appears in the gitlab since it points to port 80 of the sonar.

Is there a way I can change it to address 9000 instead of the changing the sonarqube port in my code?

Hello Aviram,
You should only need to set the SonarQube server base URL (Property sonar.core.serverBaseURL) to what is the externally visible URL of your SonarQube server for the icons to show.
This is accessible from SonarQube menu Administration → General → Server base URL.
SonarQube knows himself as http://localhost:9000 by default (if base URL is not set), and all links to SonarQube (including icons) would use this improper base URL.
you should change the base URL into <YourSQpublicURL>:80 (the :80 is probably not needed, this is implicit).
Re-run a analysis to refresh the URL of the icons.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.