This is an archived version of the documentation for SonarQube version 7.3.
See Documentation for current functionality
Pull Request analysis is available as part of Developer Edition and higher.
Pull Request analysis allows you to:
- see your Pull Request (PR) analysis results in the SonarQube UI and see the green or red status to highlight the existence of open issues.
- automatically decorate your PRs with SonarQube issues.
PRs are visible in SonarQube from the "branches and pull requests" dropdown menu of your project.
When PR decoration is enabled, SonarQube publish the status of the analysis (Quality Gate) on the PR.
When "Confirm", "Resolved as False Positive" or "Won't Fix" actions are performed on issues in SonarQube UI, the status of the PR is updated accordingly. This means, if you want to get a green status on the PR, you can either fix the issues for real or "Confirm", "Resolved as False Positive" or "Won't Fix" all the issues available on the PR.
PR analyses on SonarQube are deleted automatically after 30 days with no analysis. This can be updated in Configuration > General > Number of days before purging inactive short living branches.
Pull Request Analysis in SonarQube
To enable PR analysis in SonarQube, you need to provide the following parameters:
|sonar.pullrequest.branch||Mandatory||Name of your PR||sonar.pullrequest.branch=feature/my-new-feature|
|sonar.pullrequest.key||Mandatory||Unique identifier of your PR. Must correspond to the key of the PR in GitHub or TFS||sonar.pullrequest.key=5|
The long-lived branch into which the PR aims to be merged. If not specified, “master” will be used.
Pull Request Decoration
To activate PR decoration, you need to:
- declare an Authentication Token
- specify the Git provider
- feed some specific parameters (GitHub only)
The first thing to configure is the authentication token that will be used by SonarQube to decorate the PRs. This can be configured in Administration > Pull Requests. The field to configure depends on the provider.
For GitHub Enterprise or GitHub.com, you need to configure the "Authentication token" field. For VSTS/TFS, it's the "Personal access token".
Pull Request Provider
|sonar.pullrequest.provider||Name of the system managing your PR (github, vsts).|
In VSTS/TFS, when the Analyzing with SonarQube Extension for VSTS-TFS is used, sonar.pullrequest.provider is automatically populated with "vsts".
|sonar.pullrequest.github.repository||SLUG of the GitHub Repo||sonar.pullrequest.github.repository=my-company/my-repo|
|sonar.pullrequest.github.endpoint||The API url for a GitHub instance. https://api.github.com/ for github.com, https://github.company.com/api/v3/ when using GitHub Enterprise||sonar.pullrequest.github.endpoint=https://api.github.com|
Note: if you were relying on the GitHub Plugin, its properties are no longer required and they must be removed from your configuration: sonar.analysis.mode, sonar.github.repository, sonar.github.pullRequest, sonar.github.oauth
Pull Request Decoration Availability
|SonarQube DE, EE, DCE||SonarCloud|
here.= Not yet available: if you need it, please let us know
TravisCI + GitHub.com + SonarCloud
All the analysis parameters are automatically populated if you are relying on the SonarCloud add-on. See https://blog.sonarsource.com/sonarcloud-loves-your-build-pipeline for more details.