0

I have a query with SonaQube analyzing for long lived and short lived branches. Suppose if I have branches main,release,master,feature branches in my azurerepos. I am doing a sonar amaysis on the source code...now if I have created some pull request to merge feature branch to master which has sonar analysis task step in it and haven't yet merged the PR to master branch. Now in SonarUI will the analysis shows for the PR? or the analysis will show only if I merge the PR to master branch? and will sonar UI display all the branches which have sonaranalysis step in the pipeline? or is there any limitation for long lived and short lived branches display in SonarUI? Asking for snarQube 8.0 and 8.5 version

priya
  • 391
  • 1
  • 5
  • 24
  • Can you be more specific with your requirement ? Its totally confusion. Is the question related to PR decoration ? – Sourav Dec 08 '20 at 11:53
  • will sonar only analyze if the pull request is merged from feature branch to master branch? suppose if I have a feature branch and I have sonar analysis step in it...but in sonar UI..the analysis is being shown only for mater brancg...my feature branch is not visible – priya Dec 08 '20 at 12:26
  • Yes, SonarQube also scan the feature branches or short lived branches, if you have sonar scan step in it. Can you show your sonar analysis step. – Sourav Dec 08 '20 at 16:00

2 Answers2

0

One misconception that I often see is that people think that Sonarqube "actively" scans codebases. SonarQube mostly just sits there and waits for you to ask it to do something. The responsibility for running a scan belongs to your build automation. SonarQube doesn't know when you create feature branches or merge them to target branches. If you want a scan of your feature branch (which I definitely recommend), you have to implement automation between your central git repository and your build system (Jenkins, most likely) that makes that happen.

David M. Karr
  • 14,317
  • 20
  • 94
  • 199
0

Check documentation here:

https://docs.sonarqube.org/latest/analysis/pull-request/

You can see your Pull Requests in SonarQube from the Branches and Pull Requests dropdown menu of your project.

Pull Request analysis shows your Pull Request's Quality Gate and analysis in the SonarQube interface.

Before analyzing your Pull Requests, make sure the Pull Request branch is checked out. Avoid any attempt at previewing the merge or actions involving your main branch.

Which branch you want to analyze, check out which branch in your pipeline. There is a video that shows how SonarQube analyzes Pull Requests:

https://www.sonarqube.org/microsoft-azure-devops-integration/

Cece Dong - MSFT
  • 29,631
  • 1
  • 24
  • 39
  • @MSFT..I have two branches master and release.. release branch have branch policies..I have created a PR, created a temporary branch and then merged the new branch to release branch..now in sonarUI..analysis shows for master branch only ..but issues tab is blank for the temporary branch..and release branch is also not visible in UI. – priya Dec 15 '20 at 08:52
  • Did you select correct branch in your build? – Cece Dong - MSFT Dec 15 '20 at 09:26
  • yes..my build is for release branch..but the anaylysis shows for master branch in SonarUI – priya Dec 15 '20 at 09:57
  • @MSFT.. if possible could you help with this query? this works fine when I test it manually on that build agent..but fails through pipeline.https://stackoverflow.com/q/65300760/13460189 – priya Dec 15 '20 at 10:13