Pull Request Analysis

Pull Request analysis is available as part of Developer Edition and above.

Pull Requests (PRs) are visible in SonarQube from the branches and pull requests dropdown menu of your project.

PR analysis allows you to:

  • see your PR's Quality Gate status in the SonarQube UI.
  • automatically decorate your PRs with SonarQube issues in your SCM provider's interface.

Quality Gate

The PR quality gate:

  • Focuses on new code – The PR quality gate only uses your project's quality gate conditions that apply to "on New Code" metrics.
  • Assigns a status – Each PR shows a quality gate status reflecting whether it Passed (green) or Failed (red).

When PR decoration is enabled, SonarQube publishes the status of the analysis (Quality Gate) on the PR.

PR analyses on SonarQube are deleted automatically after 30 days with no analysis. This can be updated in Configuration > General > Number of days before purging inactive short living branches.

Analysis Parameters

Pull Request Analysis in SonarQube

These parameters enable PR analysis:

Parameter Name Description
sonar.pullrequest.branch The name of your PR
Ex: sonar.pullrequest.branch=feature/my-new-feature
sonar.pullrequest.key Unique identifier of your PR. Must correspond to the key of the PR in GitHub or TFS.
E.G.: sonar.pullrequest.key=5
sonar.pullrequest.base The long-lived branch into which the PR will be merged.
Default: master
E.G.: sonar.pullrequest.base=master

Pull Request Decoration

To activate PR decoration, you need to:

  • (For GitHub Enterprise) Specify your pull request provider, create a GitHub App and configure your SonarQube instance, and set your GitHub parameters.
  • (For Azure DevOps and Bitbucket) Specify your pull request provider and set an authentication token/personal access token.

Specifying Your Pull Request Provider

Parameter Name Description
sonar.pullrequest.provider github or vsts . This is the name of the system managing your PR. In Azure DevOps, when the SonarQube Extension for Azure DevOps is used, sonar.pullrequest.provider is automatically populated with "vsts".

Note: if you were relying on the GitHub Plugin, its properties are no longer required and they must be removed from your configuration: sonar.analysis.mode, sonar.github.repository, sonar.github.pullRequest, sonar.github.oauth.

Creating Your GitHub App

To add PR decoration to Checks in GitHub Enterprise, an instance administrator needs to create a GitHub App and configure your SonarQube instance. See GitHub Enterprise Integration for more information.

Setting Your GitHub Parameters

Parameter Name Description
sonar.pullrequest.github.repository SLUG of the GitHub Repo

Setting Your Authentication Token/Personal Access Token

If you are using Azure DevOps or Bitbucket, you need to configure the authentication token/personal access token that will be used by SonarQube to decorate the PRs. This can be configured in Administration > General Settings > Pull Requests > VSTS > Personal access token.

Bitbucket Server Parameters

Parameter Name Description
sonar.pullrequest.bitbucketserver.serverUrl The base URL for your Bitbucket Server instance. Usually defined in global server settings.
Ex.: https://bitbucket.company.com/
sonar.pullrequest.bitbucketserver.project Bitbucket project key. Can be set in project settings, or passed through scanner properties.
Ex.: MYPRJ
sonar.pullrequest.bitbucketserver.repository SLUG of the Bitbucket repository. Can be set in project settings, or passed through scanner properties.
Ex.: my-repo

Issue links

During pull request decoration, individual issues will be linked to their SonarQube counterparts automatically. However, for this to work correctly, the instance's Server base URL (Administration > General) must be set correctly. Otherwise the links will default to localhost.