Unable to see PR scan results

Hi Team,

I have configured Git, TeamCity and SonarCloud and able to scan my projects and they are showing the results as expected… However, when I am trying to analyze PR’s the scan is getting completed with some warnings but in PR report page it is not showing any details of Bug, Vulnerabilities etc… Do we need to enable any settings…I am attaching screenshots for your reference…

Also, I can see 3 warnings after the PR scan is completed at the right side top…Please find below the same… How to fix these warnings as well… I have already tried installing node.js and it fixed some off the warnings and even tried to set node.js path in sonar.properties file

  1. Some JavaScript rules were not executed. Provided Node.js executable file does not exist.
  2. The Data Dictionary is not configured which prevents rule(s) S3641, S3921, S3618, S3651 to raise issues.
  3. Pull request decoration did not happen. No commit found for SHA ‘’

Do let me know if you require any further information…

Ram Gopal K

Any help is highly appreciated

The warnings are typically not about the quality of the code, but the code scan process itself. Let’s go over the warnings in your case.

This means that either the node executable was not found, or it did not exist at the specified path. And without the node executable, some quality checks cannot be performed. To fix it, verify the path to node, and specify it explicitly using the sonar.nodejs.executable property. See also the documentation page of SonarJS.

This seems to come from the SonarPLSQL plugin, please see its documentation page to resolve it.

I’m not sure how this is possible… Was there really no SHA value between ‘’? That is, was the real message more like this, and then you removed the SHA value before posting?

Pull request decoration did not happen. No commit found for SHA ‘20289e0f076a6428afb92c09847f3cd44d598669’

Thanks Janos,

I am able to manage to fix the node.js warning by adding node.exe in the sonar.nodejs.executable property file.

In our Project, we are not using PLSQL/JDBC connection we are using MS-SQL and all db are in the connectionstring.config file.

Regarding the Pull Request decoration error… I am getting upto SHA only…Please see attached screenshot for your reference…


Ram Gopal K

Can you tell me more about how you checkout the project from version before running the analysis, and also how exactly you run the analysis (the command)?


sonar.plsql. * parameters from the sonar-project.properties need to point Oracle database that stores the PL/SQL code that will be analyzed. You also have to ensure, that this Oracle Database is reachable from the scanning node on which analysis runs.

Defining Data Dictionary is highly recommended to provide some more inputs to certain rules, but it is not obligatory.

As a next step: make sure, that the sonar.plsql. * point to the correct database.
Or, if you need more time/input to correctly configure Data Dictionary you may temporarily remove sonar.plsql. * parameters – this will still successfully run PL/SQL analysis and give you chance to configure Data Dictionary later.


Hi Janos,

I have configured teamcity some steps in teamcity like start-scan, build and end-scan and executing the sonar analysis by running that project…

Here is the command which I am using… I have masked the values but this is the exact command I am using to perform analysis.

Ram Gopal K

I see now: it’s because you have /d:sonar.scm.disabled="true" that the SHA of your analysis cannot be known. If you would like pull request decoration, then you need to drop this parameter.

If I drop sonar.scm.disabled parameter then I am getting one more error related to scm. Let me try to run it by dropping this parameter and post you the result.

This is the warning I am getting now when I drop the scm parameter… But again, still I can’t see any PR decoration…


The warning about SCM autodetection tells you it could not detect your SCM, and gives you two options. You have tried one of them: disable SCM. Which is clearly not suitable for you, because if you want PR decoration, you need the SCM plugin working properly. That leaves the second option: specify sonar.scm.provider explicitly. Try this:


Hi Janos,

I have tried the second option suggested by you but now I am landing on a error screen while the scanner analysis is going to complete…

Please find below the screenshot for your reference…


As the error message says, the working directory where you run the scan is not inside a Git working tree. In other words, the scanner could not find a .git directory, which is necessary to collect SCM information, required for decoration.

Is it possible to reorganize your build environment so that you run MSBuild.exe inside a directory that is inside a Git working tree? Without access to Git data, we cannot identify the files and lines that changed in the PR, and the pull request analysis may be inaccurate.

I am not sure how to reorganize the build environment. Could you please guide me by sharing any link ?

By the way, I followed the same steps on my personal git account and I am able to see the PR analysis results… Please see below for your reference…


Janos, I have tried enabling the SCM and Pull Requets settings and tried to re-run the PR scan analysis and this time I haven’t receieved any error and the build analysis completed sucessfully… But, there were no new code smells, bugs and other things…
Will try to re-run on a different PR and will check…

Thanks for your timely and valuable help… Highly appreciated !!! :slight_smile:


Maybe I can give you some help as I also work on Teamcity and Sonarcloud. Sonarcloud is trying to get SCM information at the root of your workspace (in the Teamcity “work/<some_id>” directory).

First you need to make sure you are doing agent-side checkout, then you can face two situations:

1- You only need one repository to build your project: this means one “VCS-root” in Teamcity. To fix your problem, just remove any “checkout rules” and the .git and content of your repository will be at the root of your workspace. You can then activate SCM stuff.

2- You need multiple repositories to build your project: this means multiple “VCS-root” in Teamcity. You will likely need to use “checkout rules” and .git folders will then be located inside these sub directories. In that case disabling SCM is kind of mandatory unfortunatly (this is the same using jenkins by the way).

I hope this makes sense and maybe it will help.


I have tried replicating some issues in our code… But when I ran the PR analysis it is not showing anything in the report… What I have observed is in the Git >> Pull Request >> Under checks I see the sonar scan didn’t ran and it is showing as queued…


But, in the teamcity and sonarcloud I can see the log and timestamps that it completed… In my personal Git I am able to see the sonar results. Am I missing anything ?


It’s well summarized by @Christophe’s response above (great assist btw, big thanks Christophe!).

When you test with your personal Git account, you probably clone a repo, cd into the working tree, and run the analysis steps there. This way, the .git directory is found, so the scanner can read all the needed SCM information, and decoration can succeed. That’s the key difference between your local tests and your CI environment.

A common cause of this is that the CI system does not analyze the HEAD of the PR, but in fact a different commit, for example the result of a temporary merge. Make sure the SHA1 analyzed by the CI is the same as the HEAD of the PR.

Thanks… Now I am able to see the results.

But still I am unable to understand why the checks in the Git is not getting updated… It is showing as queued…