This is an archived version of the documentation for SonarQube-7.3.
See the Latest Documentation for current functionality.

Pull Request Analysis

Pull Request analysis is available as part of Developer Edition and higher.

Pull Request analysis allows you to:

  • see your Pull Request (PR) analysis results in the SonarQube UI and see the green or red status to highlight the existence of open issues.

  • automatically decorate your PRs with SonarQube issues.

PRs are visible in SonarQube from the "branches and pull requests" dropdown menu of your project.

When PR decoration is enabled, SonarQube publish the status of the analysis (Quality Gate) on the PR.

When "Confirm", "Resolved as False Positive" or "Won't Fix" actions are performed on issues in SonarQube UI, the status of the PR is updated accordingly. This means, if you want to get a green status on the PR, you can either fix the issues for real or "Confirm", "Resolved as False Positive" or "Won't Fix" all the issues available on the PR.

PR analyses on SonarQube are deleted automatically after 30 days with no analysis. This can be updated in Configuration > General > Number of days before purging inactive short living branches.

Analysis Parameters

Pull Request Analysis in SonarQube

To enable PR analysis in SonarQube, you need to provide the following parameters:

Parameter Name

Type

Description

Example

sonar.pullrequest.branch

Mandatory

Name of your PR

sonar.pullrequest.branch= feature/my-new-feature

sonar.pullrequest.key

Mandatory

Unique identifier of your PR. Must correspond to the key of the PR in GitHub or TFS

sonar.pullrequest.key=5

sonar.pullrequest.base

Optional

The long-lived branch into which the PR aims to be merged. If not specified, “master” will be used .

sonar.pullrequest.base=master

Pull Request Decoration

To activate PR decoration, you need to:

  • declare an Authentication Token

  • specify the Git provider

  • feed some specific parameters (GitHub only)

Authentication Token

The first thing to configure is the authentication token that will be used by SonarQube to decorate the PRs. This can be configured in Administration > Pull Requests. The field to configure depends on the provider.

For GitHub Enterprise or GitHub.com, you need to configure the "Authentication token" field. For VSTS/TFS, it's the "Personal access token".

Pull Request Provider

Parameter Name

Description

Example

sonar.pullrequest.provider

Name of the system managing your PR (github, vsts).
In VSTS/TFS, when the Analyzing with SonarQube Extension for VSTS-TFS is used, sonar.pullrequest.provider is automatically populated with "vsts".

sonar.pullrequest.provider=github

GitHub Parameters

Parameter Name

Description

Example

sonar.pullrequest.github.repository

SLUG of the GitHub Repo

sonar.pullrequest.github.repository=my-company/my-repo

sonar.pullrequest.github.endpoint

The API url for a GitHub instance. https://api.github.com/ for github.com, https://github.company.com/api/v3/ when using GitHub Enterprise

sonar.pullrequest.github.endpoint=https://api.github.com

Note: if you were relying on the GitHub Plugin, its properties are no longer required and they must be removed from your configuration: sonar.analysis.mode , sonar.github.repository , sonar.github.pullRequest , sonar.github.oauth

Pull Request Decoration Availability

 

SonarQube DE, EE, DCE

SonarCloud

GitHub.com

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/error.png

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/check.png

GitHub Enterprise

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/check.png

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/error.png

VSTS

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/error.png

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/check.png

TFS

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/check.png

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/error.png

Bitbucket Cloud

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/error.png

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/check.png

Bitbucket Enterprise

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/error.png

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/error.png

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/check.png = Supported

images/s/en_GB/7402/131c587a84e4ee088cb3d1cec7ecd765481c9c79/_/images/icons/emoticons/error.png = Not yet available: if you need it, please let us know here.

TravisCI + GitHub.com + SonarCloud

All the analysis parameters are automatically populated if you are relying on the SonarCloud add-on. See https://blog.sonarsource.com/sonarcloud-loves-your-build-pipeline for more details.