Sonarqube Integration PR Analysis
complete
Economic Sawfish
Does the SonarQube extraction scan support pulling pull request scans?
Assuming that we enable the API access to the ADO Connectors, how should we pass the pull request id to the SonarQube scan step?
If the extraction scan does not support the pull request scan, is there a way to pass the specific analysis id and have it pull that?
Pritesh Chandaliya
complete
The feature is available. No response from customer.
Pritesh Chandaliya
pending feedback
This is available already, let us know any feedback.
Pritesh Chandaliya
There is a manual configuration which customers need to perform for leveraging this new feature.
Go to the SonarQube step, for orchestration and data extraction mode, change the scan configuration from default to branch scan. Refer to the screenshot.
Release notes: https://developer.harness.io/release-notes/security-testing-orchestration#version-11022
Reference docs: https://developer.harness.io/docs/security-testing-orchestration/sto-techref-category/sonarqube-sonar-scanner-reference#scan-configuration
- For a PR scan (not the same as the SonarQube PR scan feature), the same configuration needs to be used in addition to setting the branch name manually. The format in which the branch name is provided will help to find the corresponding scan on the SonarQube side easily.
Please refer to the best practices section for more details: https://developer.harness.io/docs/security-testing-orchestration/sto-techref-category/sonarqube-sonar-scanner-reference#set-the-name-for-your-scans
Note: STO uses SonarQube branch scan to perform PR scanning behind the scenes.
Economic Sawfish, does this help? If not, let's chat.
Economic Sawfish
Wanted to follow up and see when we can expect this rollout?
Pritesh Chandaliya
Data extraction mode for the SonarQube PR and Branch support is still under development and will be available by mid-June. There have been multiple complications in supporting this feature, and our engineers are working on making the config and workflow a pleasant experience for STO users. Thanks for the patience! Economic Sawfish
This post was marked as in progress
Pritesh Chandaliya
SonarQube PR and Branch support, which is applicable only to the commercial scanner, is released and live on all the production environments.
Beryl Dormouse
long-term
Bharath, plan to implement the request in Q1 2024 (1H 2024) but evaluating if we can fast-track - for sooner implementation. Will keep you posted as we reach closer to fulfilling the requested capability.
Beryl Dormouse
under review