Start Free
Latest | Analyzing source code | Pull request analysis | Setting up the pull request analysis

Setting up the pull request analysis

On this page

Pull request analysis is available starting in Developer Edition.

Prerequisites

The pull request analysis must be integrated into a CI pipeline. For more information, see Integration into your CI pipeline on the SonarQube Server analysis overview page.

Before analyzing your pull requests, make sure that:

  • The pull request source branch is checked out in the CI/CD host's local repository.
  • The branch being targeted by the pull request (target branch) is fetched in the CI/CD host's local repository (This is usually done through the cloning of the remote repository by the CI pipeline).
  • The CI/CD host's local repository contains valid repository metadata (e.g. the  .git  folders have not been removed). Avoid any attempt at previewing the merge or actions involving your main branch.
    See Verifying the code checkout step.  
  • The code in the CI/CD host's local repository matches the code in the remote repository (e.g once a pull request is issued, no code is added to the local branch on the CI side before analysis).
  • If you use AWS CodeBuild, the LOCAL_SOURCE_CACHE feature must be disabled for accurate pull request analysis (otherwise, new code won't be properly detected).

Setting up the pull request analysis

To set up the pull request analysis:

  1. Add the SonarQube Server analysis step to your pull request CI pipeline. See the corresponding section of your CI tool in this documentation:
  2. Make sure that the SonarScanner gets the pull request parameters required for the project analysis: see Setting up the pull request parameters below.
  3. In addition, you can configure the pull request decoration: see Configuring the quality gate status report below.

Setting up the pull request parameters

The SonarScanner can automatically detect the pull request parameters when running on the following CI services (you don’t need to perform any additional setup):

  • Azure Pipelines
  • Bitbucket Pipelines
  • Cirrus CI
  • Codemagic
  • GitHub Actions
  • GitLab CI/CD
  • Jenkins (with the Branch Source plugin configured)

The table below lists the analysis parameters specific to the pull request analysis that are required by the SonarScanner. See Analysis parameters for information about the setup of analysis parameters for the scanner.

Parameter NameDescription
sonar.pullrequest.key

Unique identifier of your pull request. Must correspond to the key of the pull request in your DevOps Platform.

Example: sonar.pullrequest.key=5

sonar.pullrequest.branch

The name of the branch that contains the changes to be merged.

Example: sonar.pullrequest.branch=feature/my-new-feature

sonar.pullrequest.base

The branch into which the pull request will be merged (target branch).

Default: main branch

Example: sonar.pullrequest.base=main

Configuring the quality gate status report

You can report the pull request analysis and quality gate status directly in your DevOps platform's interface (pull request decoration). For projects bound in SonarQube Server to their DevOps platform repository (this requires the integration setup of your DevOps platform with SonarQube Server), the quality gate status report is automatically set up. For more information, see the DevOps platform integration page that corresponds with your DevOps platform:


Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License