Skip to end of metadata
Go to start of metadata

Pull Request analysis is available as part of Developer Edition and higher.


Pull Request analysis allows you to:

  • see your Pull Request (PR) analysis results in the SonarQube UI and see the green or red status to highlight the existence of open issues.
  • automatically decorate your PRs with SonarQube issues. 

PRs are visible in SonarQube from the "branches and pull requests" dropdown menu of your project.

When PR decoration is enabled, SonarQube publish the status of the analysis (Quality Gate) on the PR.

When "Confirm", "Resolved as False Positive" or "Won't Fix" actions are performed on issues in SonarQube UI, the status of the PR is updated accordingly. This means, if you want to get a green status on the PR, you can either fix the issues for real or "Confirm", "Resolved as False Positive" or "Won't Fix" all the issues available on the PR.

PR analyses on SonarQube are deleted automatically after 30 days with no analysis. This can be updated in Configuration > General > Number of days before purging inactive short living branches. 

Analysis Parameters

Pull Request Analysis in SonarQube

To enable PR analysis in SonarQube, you need to provide the following parameters:

Parameter NameTypeDescriptionExample
sonar.pullrequest.branchMandatoryName of your PRsonar.pullrequest.branch=feature/my-new-feature
sonar.pullrequest.keyMandatoryUnique identifier of your PR. Must correspond to the key of the PR in GitHub or TFSsonar.pullrequest.key=5
sonar.pullrequest.baseOptional

The long-lived branch into which the PR aims to be merged. If not specified, “master” will be used.

sonar.pullrequest.base=master

Pull Request Decoration

To activate PR decoration, you need to:

  • declare an Authentication Token
  • specify the Git provider
  • feed some specific parameters (GitHub only)

Authentication Token

The first thing to configure is the authentication token that will be used by SonarQube to decorate the PRs. This can be configured in Administration > Pull Requests. The field to configure depends on the provider.

For GitHub Enterprise or GitHub.com, you need to configure the "Authentication token" field. For VSTS/TFS, it's the "Personal access token".

Pull Request Provider

Parameter NameDescriptionExample
sonar.pullrequest.provider
Name of the system managing your PR (github, vsts).
In VSTS/TFS, when the Analyzing with SonarQube Extension for VSTS-TFS is used, sonar.pullrequest.provider is automatically populated with "vsts".
sonar.pullrequest.provider=github

GitHub Parameters

Parameter NameDescriptionExample
sonar.pullrequest.github.repositorySLUG of the GitHub Reposonar.pullrequest.github.repository=my-company/my-repo
sonar.pullrequest.github.endpointThe API url for a GitHub instance. https://api.github.com/ for github.com, https://github.company.com/api/v3/ when using GitHub Enterprisesonar.pullrequest.github.endpoint=https://api.github.com

Note: if you were relying on the GitHub Plugin, its properties are no longer required and they must be removed from your configuration: sonar.analysis.modesonar.github.repositorysonar.github.pullRequestsonar.github.oauth

Pull Request Decoration Availability


SonarQube DE, EE, DCESonarCloud
GitHub.com(error)(tick)
GitHub Enterprise(tick)(error)
VSTS(error)(tick)
TFS(tick)(error)
Bitbucket Cloud(error)(tick)
Bitbucket Enterprise(error)(error)

(tick) = Supported

(error) = Not yet available: if you need it, please let us know here.

TravisCI + GitHub.com + SonarCloud

All the analysis parameters are automatically populated if you are relying on the SonarCloud add-on. See https://blog.sonarsource.com/sonarcloud-loves-your-build-pipeline for more details.

  • No labels