I am currently introducing SonarQube into a large legacy project. This means that there are already hundreds of warnings. In the first step I would like to ensure that there are no new warnings coming from our feature branches.
To achieve this, I want to have the Sonar analysis run on every feature branch, compare it to the main branch and alert the committer in case new warnings have been introduced.
Assume the following situation:
MyProject 1.0-SNAPSHOT is the name and version of the project on SonarQube. It has 100 warnings. It represents the develop branch. The leak period is the analysis from 1 day ago. This works very well, I can see which new warnings have been introduced since yesterday.
Developers are working on feature/somefeature branches. When they open a pull request, I want a Sonar analysis to run on that branch. This works fine, but I can’t set the leak version to MyProject 1.0-SNAPSHOT from yesterday, because this branch is seen as a completely separate project by SonarQube, even though I set the sonar.projectKey to the same name and I have also tried playing around with the
The desired outcome is:
develop -> 100 warnings
feature/somefeature -> 102 warnings
On the SonarQube dashboard of feature/somefeature display “2 new warnings”.
Can it be done with sonar itself, or do I need to write my own program using the Sonar REST API?
You should use the Branch Plugin in order to analyse branches for only new issues. This plugin has a corresponding Quality Gate:
For short-lived branches, there is a kind of hard-coded quality gate focusing only on new issues.
It will create Issues only if there are new bugs or vulnerabilities.
As per the plugin documentation, all your feature branches should be identified as short-lived branches.
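How a CI job could pass the branch to the scanner so that a feature branch is compared against develop, as an added example that is not part of the original question or answer. It assumes the analysis parameters sonar.branch.name and sonar.branch.target of SonarQube's branch analysis, a project key of MyProject, and a main branch named develop on the server; the function names are hypothetical. Because the branch name of a pull request is chosen by the committer, it is validated before it reaches the command line.

```shell
#!/bin/sh
# Added example: build sonar-scanner arguments for a branch analysis.
# Assumptions (not from the original post): project key "MyProject",
# main branch "develop", branch analysis available on the server.

MAIN_BRANCH="develop"
PROJECT_KEY="MyProject"

# Prints one scanner argument per line for the given git branch.
# Returns 1 if the name is empty or contains anything other than
# letters, digits, '.', '_', '/' or '-', so a crafted branch name
# cannot smuggle extra -D options or shell metacharacters.
sonar_branch_args() {
    branch="$1"
    case "$branch" in
        ""|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    printf '%s\n' "-Dsonar.projectKey=$PROJECT_KEY"
    # The main branch is analysed without branch parameters; every other
    # branch is reported relative to the branch it will be merged into.
    if [ "$branch" != "$MAIN_BRANCH" ]; then
        printf '%s\n' "-Dsonar.branch.name=$branch"
        printf '%s\n' "-Dsonar.branch.target=$MAIN_BRANCH"
    fi
}

# Hypothetical CI entry point: run_analysis "$(git rev-parse --abbrev-ref HEAD)"
run_analysis() {
    args=$(sonar_branch_args "$1") || {
        echo "rejected branch name: $1" >&2
        return 1
    }
    # Validated names contain no whitespace or glob characters,
    # so the unquoted expansion splits into exactly one word per argument.
    # shellcheck disable=SC2086
    sonar-scanner $args
}
```

Check the parameter names against the documentation of the SonarQube version in use before wiring this into a pipeline.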