Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

PR Decorations from Sonarqube stay hidden

Hi everyone,

I have an issue setting up the pull request decorations from Sonarqube Enterprise on Bitbucket Server.

Sonarqube actually delivers the decorations to the Bitbucket instance. There should then be a report available on the pull request page, but there is nothing there.

I tested this with a vanilla bitbucket 6.10.14 and a 7.17.1 (as a docker instance) from a Sonarqube Enterprise 8.9.0, 8.9.1, and 8.9.2.

The Log points to this particular spot:, | http | o@1BKQBINx694x2333x0 | admin | 2021-11-10 11:34:59,219 | "PUT /rest/insights/1.0/projects/TA/repos/alice/commits/0c1cbc5a1f50cbd017a65c331d5de71af1a3d4b8/reports/com.sonarsource.sonarqube HTTP/1.1" | "" "okhttp/4.9.0" | 200 | 573 | 620 | access-token:id:290119840153 | 91 | 14nhufa |

So, the data lands here, it seems, the commit ID is where the branch split off, so before the actual commit in the branch. I have no idea if this is even remotely correct:


{"data":[{"title":"Bugs","value":"0","type":"TEXT"},{"title":"Vulnerabilities","value":"0","type":"TEXT"},{"title":"Code Smells","value":"0","type":"TEXT"},{"title":"Security Hotspots","value":"0","type":"TEXT"},{"title":"Code Coverage","value":"n/a","type":"TEXT"},{"title":"Duplication","value":"n/a","type":"TEXT"}],"createdDate":1636540499206,"details":"Quality Gate passed","key":"com.sonarsource.sonarqube","link":"https://my-sonar/dashboard?id=TA&pullRequest=1","logoUrl":"https://my-sonar/images/embed-doc/sq-icon.svg","result":"PASS","title":"SonarQube","reporter":"SonarQube"}

What do I miss? Is there an additional configuration necessary in Bitbucket to activate the insights reports on the pull requests page? Is the place the report was delivered to correct? Do I need another plugin apart from the default Code Insights?

Thanks & BR,

1 answer

1 accepted

0 votes
Answer accepted

Hi everyone,

I figured it out in the end.

This was the crucial bit of information:

[...]As with the build status API, code insights are only displayed if they are associated with the latest commit on a pull request's source branch. [...]

So, if you do the sonar scan from the wrong branch (!= the PR source branch), or you do pre-merge checks (auto merging and creating commit hashes locally on the CI infrastructure only) then the decoration will not be visible. The report is then, as was my hunch, put in the wrong place.

BR, Johannes

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket

Git push size limits are coming to Bitbucket Cloud starting April 4th, 2022

Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...

2,247 views 2 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you