Pull request analysis
Pull Request analysis is available starting in Developer Edition.
You can see your pull requests in SonarQube from the branches and pull requests dropdown menu of your project.
Pull request analysis shows your pull request's quality gate and analysis in the SonarQube interface. This analysis shows new issues introduced by the pull request before merging with the target branch:
The new code should be your focus moving forward when using the Clean as You Code strategy. More about this can be found in the SonarQube user guide concepts pages.
Pull Request analysis doesn’t report new issues raised on old code and issues raised at the file level.
Prerequisites
Before analyzing your pull requests, make sure that:
- The pull request source branch is checked out in the local repository.
- The branch being targeted by the pull request is fetched and present in the local repository.
- The analysis is being run on a local repository with valid repository metadata (e.g. the
.git
folders have not been removed). Avoid any attempt at previewing the merge or actions involving your main branch. - The code in the local repository matches the code in the remote repository (e.g once a PR is issued, no code is added to the local branch on the CI side before analysis).
Report pull request status to your DevOps Platform
You can also report the pull request analysis and quality gate status directly in your DevOps platform's interface. To set up pull request decoration, see the DevOps platform integration page that corresponds with your DevOps platform:
- GitHub Enterprise and GitHub.com
- Bitbucket Server
- Bitbucket Cloud
- GitLab Self-Managed and GitLab.com
- Azure DevOps
To decorate pull requests, a SonarQube analysis needs to be run on your code. You can find the additional parameters required for pull request analysis below in the Analysis Parameters section.
Pull request quality gate
A quality gate lets you ensure you are meeting your organization's quality policy and that you can merge your pull request. The pull request uses your project quality gate as follows:
- Focuses on new code: The pull request quality gate only uses your project's quality gate conditions that apply to new code metrics using the Clean as You Code strategy.
- Assigns a status: Each pull request shows a quality gate status reflecting whether it passed or failed.
Pull request analyses on SonarQube are deleted automatically after 30 days with no analysis. This can be updated in Administration > Configuration > General Settings > Housekeeping > Number of days before purging inactive branches.
Analysis parameters
The following parameters enable Pull Request analysis.
Scanners can automatically detect Pull Request parameters when running on the following CI services:
- Azure Pipelines
- Bitbucket Pipelines
- Cirrus CI
- Codemagic
- GitHub Actions
- GitLab CI/CD
- Jenkins (with the Branch Source plugin configured)
Manually setting Pull Request parameters overrides automatic detection.
Parameter Name | Description |
sonar.pullrequest.key | Unique identifier of your Pull Request. Must correspond to the key of the Pull Request in your DevOps Platform. e.g.: sonar.pullrequest.key=5 |
sonar.pullrequest.branch | The name of the branch that contains the changes to be merged. e.g.: sonar.pullrequest.branch=feature/my-new-feature |
sonar.pullrequest.base | The branch into which the Pull Request will be merged. Default: main branch e.g.: sonar.pullrequest.base=main |
Was this page helpful?