Webhook body inconsistencies

april.g · February 11, 2025, 10:45pm

Hi, I manage a product that receives SonarQube webhooks for customers who may have a range of different SonarQube products installed, so this is not specific to any one version.

We are currently experiencing exceptions processing webhook events for a few customers where the webhook body is missing a field that we expect, namely qualityGate and taskId.

Checking the documentation for SonarQube Server, it doesn’t appear that these fields should ever be missing from the webhook event, and the example webhook body is the same for all available versions: Webhooks

Are there cases where certain fields (taskId, qualityGate) can be missing from a webhook event?
Can these cases be documented with additional examples?
Can anyone confirm if different versions of SonarQube may send webhooks that are incompatible?

Thanks for your help.

Colin · February 13, 2025, 9:07am

Hey there April.

taskId can be missing from a Webhook call when the webhook is triggered by the manual change of an issue status (marking an issue as false-postive, for example) that causes the Quality Gate to change. Here’s an example on my local 2025.1 LTA instance:

{
  "serverUrl": "http://localhost:9000",
  "status": "SUCCESS",
  "analysedAt": "2025-02-10T10:51:17+0100",
  "revision": "c8e602a6c822d8bd2fbec3f622303836d5631879",
  "changedAt": "2025-02-13T09:55:38+0100",
  "project": {
    "key": "aws",
    "name": "aws",
    "url": "http://localhost:9000/dashboard?id=aws"
  },
  "branch": {
    "name": "main",
    "type": "BRANCH",
    "isMain": true,
    "url": "http://localhost:9000/dashboard?id=aws"
  },
  "qualityGate": {
    "name": "Sonar way",
    "status": "OK",
    "conditions": [
      {
        "metric": "new_coverage",
        "operator": "LESS_THAN",
        "value": "0.0",
        "status": "OK",
        "errorThreshold": "80"
      },
      {
        "metric": "new_duplicated_lines_density",
        "operator": "GREATER_THAN",
        "value": "0.0",
        "status": "OK",
        "errorThreshold": "3"
      },
      {
        "metric": "new_security_hotspots_reviewed",
        "operator": "LESS_THAN",
        "status": "OK",
        "errorThreshold": "100"
      },
      {
        "metric": "new_violations",
        "operator": "GREATER_THAN",
        "value": "0",
        "status": "OK",
        "errorThreshold": "0"
      }
    ]
  },
  "properties": {
    "sonar.analysis.detectedci": "undetected",
    "sonar.analysis.detectedscm": "git"
  }
}

This is true for all versions of SonarQube since v7.0 (SONAR-10247)

I was surprised to see that this case isn’t mentioned at all in the documentation on Webhooks! I guess we planned to with SONAR-10251? It was a long time ago, but anyways I’ll ping our docs team to make sure this gets documented.

I can’t figure out a situation where qualityGate would be blank. I’d encourage you to find out more about the instances of SonarQube exhibiting this behavior (what version are they using?) and provide an example payload that’s missing this data. Maybe there are some other clues!

As far as I’m aware there have been no breaking changes to the webhook payload since it was first developed.

april.g · February 13, 2025, 5:30pm

Thanks so much for this context! Are there cases where the qualityGate itself may be missing values we expect to be required (name, status, conditions ?) That could be the other root cause of the error. Digging up the exact webhook content can be difficult for us unless the customer is reaching out to us, as we do not log any user-generated data.

Colin · February 14, 2025, 9:17am

Hey @april.g !

I puzzled on this for a little while – is it possible that you also have some webhooks being sent from SonarQube Cloud (FKA SonarCloud)?

Thanks to SonarQube Server and SonarQube Cloud’s distinct histories (which are starting to be reconciled), there is no QG computed on the first SonarQube Cloud analysis of a project (docs).

I checked, and indeed, there is no qualityGate here sent in the webhook of this scenario.

{
  "serverUrl": "https://sonarcloud.io",
  "taskId": "AZUDvQSPy86ZFw3EWMNV",
  "status": "SUCCESS",
  "analysedAt": "2025-02-14T09:14:22+0000",
  "revision": "dd31d7eb32c67a5677616f4722eb3230ea171c3c",
  "changedAt": "2025-02-14T09:14:22+0000",
  "project": {
    "key": "colin-sonarsource_sq-mass-migrate-identity-provider",
    "name": "sq-mass-migrate-identity-provider",
    "url": "https://sonarcloud.io/dashboard?id=colin-sonarsource_sq-mass-migrate-identity-provider"
  },
  "branch": {
    "name": "main",
    "type": "LONG",
    "isMain": true,
    "url": "https://sonarcloud.io/dashboard?id=colin-sonarsource_sq-mass-migrate-identity-provider"
  },
  "properties": {}
}

I am not aware of any scenario with SonarQube Server or SonarQube Community Build (FKA Community Edition) that would result in the same.

Topic		Replies	Views
Sonarqube Webhook's taskID and revision is not matching with keyID and hash in Issues JSON. Not able to use webhook for identifying any issue SonarQube Server / Community Build sonarqube , webhooks	3	1084	March 3, 2022
What is with SonarCloud sending out incomplete payloads in its webhook? SonarQube Cloud webhooks , sonarqube-cloud	3	532	October 13, 2021
Sonar webhook data 'stripped' in Jenkins SonarQube Server / Community Build scanner , jenkins , webhooks	2	916	April 24, 2020
SonarQube task status is 'IN_PROGRESS' in Jenkins SonarQube Server / Community Build jenkins	4	8071	October 24, 2023
Facing issues in sonar webhook after Upgrade to enterprise edition 8.1 from developer edition 7.1 SonarQube Server / Community Build webhooks	13	2326	February 13, 2020

Webhook body inconsistencies

Related topics