SonarQube Leak Period between Branches or Projects

I am currently introducing SonarQube into a large legacy project. This means that there are already hundreds of warnings; as a first step, I would like to ensure that there are no new warnings coming from our feature branches.

To achieve this, I want to have the Sonar analysis run on every feature branch, compare it to the main branch and alert the committer in case new warnings have been introduced.

Assume the following situation:

MyProject 1.0-SNAPSHOT is the name and version of the project on SonarQube. It has 100 warnings. It represents the develop branch. The leak period is the analysis from 1 day ago. This works very well, I can see which new warnings have been introduced since yesterday.

Developers are working on feature/somefeature branches. When they open a pull request, I want a Sonar analysis to run on that branch. This works fine, but I can't set the leak version to MyProject 1.0-SNAPSHOT from yesterday, because this branch is seen as a completely separate project by SonarQube, even though I set the sonar.projectKey to the same name and I have also tried playing around with the sonar.branch property.

The desired outcome is:

  1. develop -> 100 warnings

  2. feature/somefeature -> 102 warnings

  3. On the SonarQube dashboard of feature/somefeature display "2 new warnings".

Can it be done with sonar itself, or do I need to write my own program using the Sonar REST API?

enp4yne asked Nov 23 '17 15:11
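The fallback the question mentions, a small program over the Sonar REST API that compares the issues of two separate project keys, as an added example (not part of the question and not SonarQube's own tooling). It assumes the situation described above (develop and the feature branch analysed under different project keys), the documented `api/issues/search` endpoint with its `componentKeys`, `resolved`, `ps` and `p` parameters, and a user token sent as the HTTP basic username; the sample issue payloads are constructed. Line numbers are left out of the issue fingerprint on purpose, since they shift whenever code above a finding is edited, which would otherwise turn every old warning into a "new" one.

```python
"""Report issues present in a feature-branch analysis but absent from develop.

Added example, not code from the question or from SonarQube. Assumes the
two branches are two separate project keys and that the server exposes the
documented Web API endpoint api/issues/search (parameters componentKeys,
resolved, ps, p; response fields "issues" and "total"). Check both against
your server version.
"""
import base64
import json
import urllib.request
from collections import Counter
from typing import Dict, Iterable, List, Tuple

Fingerprint = Tuple[str, str, str]  # (rule key, file path, message)
PAGE_SIZE = 500  # largest page size api/issues/search accepts


def fetch_open_issues(base_url: str, project_key: str, token: str) -> List[Dict]:
    """Page through api/issues/search and return every unresolved issue.

    The endpoint stops at 10,000 results, so a legacy project with more open
    issues than that has to be fetched per directory or per severity.
    """
    auth = base64.b64encode(f"{token}:".encode()).decode()
    issues: List[Dict] = []
    page = 1
    while True:
        url = (f"{base_url}/api/issues/search?componentKeys={project_key}"
               f"&resolved=false&ps={PAGE_SIZE}&p={page}")
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req) as resp:
            data = json.load(resp)
        issues.extend(data["issues"])
        if page * PAGE_SIZE >= data["total"]:
            return issues
        page += 1


def fingerprint(issue: Dict, project_key: str) -> Fingerprint:
    """Identify an issue independently of the project key and the line number.

    Component keys look like "<projectKey>:<path>"; the branch project's key
    is stripped so the same file matches across the two projects.
    """
    component = issue["component"]
    prefix = project_key + ":"
    path = component[len(prefix):] if component.startswith(prefix) else component
    return (issue["rule"], path, issue["message"])


def new_issues(base_issues: Iterable[Dict], base_key: str,
               branch_issues: Iterable[Dict], branch_key: str) -> List[Dict]:
    """Return the branch issues that have no counterpart in the base branch.

    A Counter rather than a set, so that a second occurrence of an already
    known finding in the same file still counts as new.
    """
    remaining = Counter(fingerprint(i, base_key) for i in base_issues)
    fresh: List[Dict] = []
    for issue in branch_issues:
        fp = fingerprint(issue, branch_key)
        if remaining[fp] > 0:
            remaining[fp] -= 1  # matched a finding already present in develop
        else:
            fresh.append(issue)
    return fresh


# Constructed sample payloads in the shape api/issues/search returns; rule
# keys, paths and messages are invented for the example.
DEVELOP_KEY = "MyProject"
FEATURE_KEY = "MyProject-feature-somefeature"
DEVELOP_ISSUES = [
    {"rule": "java:S1481", "component": "MyProject:src/Main.java", "line": 10,
     "message": 'Remove this unused "tmp" local variable.'},
    {"rule": "java:S106", "component": "MyProject:src/Main.java", "line": 20,
     "message": "Replace this use of System.out by a logger."},
]
FEATURE_ISSUES = [
    # the same two findings as develop, lines shifted by an edit above them
    {"rule": "java:S1481", "component": f"{FEATURE_KEY}:src/Main.java", "line": 12,
     "message": 'Remove this unused "tmp" local variable.'},
    {"rule": "java:S106", "component": f"{FEATURE_KEY}:src/Main.java", "line": 22,
     "message": "Replace this use of System.out by a logger."},
    # two findings introduced on the feature branch
    {"rule": "java:S1172", "component": f"{FEATURE_KEY}:src/Feature.java", "line": 5,
     "message": 'Remove this unused method parameter "flag".'},
    {"rule": "java:S106", "component": f"{FEATURE_KEY}:src/Feature.java", "line": 9,
     "message": "Replace this use of System.out by a logger."},
]


def report(fresh: List[Dict], branch_key: str) -> str:
    """Format the message the question wants shown, e.g. "2 new warnings"."""
    lines = [f"{len(fresh)} new warnings on {branch_key}"]
    for issue in fresh:
        path = fingerprint(issue, branch_key)[1]
        lines.append(f"  {path}:{issue['line']} [{issue['rule']}] {issue['message']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Against a real server, replace the constructed lists with
    # fetch_open_issues("https://sonar.example.invalid", KEY, TOKEN).
    print(report(new_issues(DEVELOP_ISSUES, DEVELOP_KEY, FEATURE_ISSUES, FEATURE_KEY),
                 FEATURE_KEY))
```

Run on the constructed data it reports the two findings in `src/Feature.java` and nothing for `src/Main.java`, even though both old findings moved to different lines; the matching is deliberately loose (rule, path, message), so a finding whose message embeds a changed identifier will show up as new and needs a human look.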

1 Answer

You should use the Branch Plugin in order to analyse branches for only new issues. This plugin has a corresponding Quality Gate:

For short-lived branches, there is a kind of hard-coded quality gate focusing only on new issues.

It will create Issues only if there are new bugs or vulnerabilities.

As per the plugin documentation, all your feature branches should be identified as short-lived branches.

NOTE: the Branch Plugin is licensed by SonarSource and is only available in the non-free Developer Edition.

Boris answered Oct 04 '22 00:10
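The scanner-side configuration the answer implies, as an added example that is not part of the answer, of the plugin's documentation or of SonarSource's code. It assumes a server edition that ships the Branch Plugin and accepts `sonar.branch.name` and `sonar.branch.target`, and that the server's default pattern for long-lived branches, `sonar.branch.longLivedBranches.regex = (branch|release)-.*`, has not been changed (set `LONG_LIVED_REGEX` to your server's value otherwise). The deprecated `sonar.branch` property the question experimented with is deliberately not emitted, since it creates a separate project per branch rather than a branch of the same project, which is exactly the behaviour the question ran into.

```python
"""Pick Branch Plugin properties for one Git branch before running sonar-scanner.

Added example, not code from the answer or from SonarSource. Assumes a
Developer Edition (or higher) server with the Branch Plugin and its default
long-lived branch regex; adjust LONG_LIVED_REGEX to match your server.
"""
import re
import shlex
from typing import Dict

PROJECT_KEY = "MyProject"  # the same key for every branch
MAIN_BRANCH = "develop"    # the branch short-lived branches are compared against
# Assumed server default for sonar.branch.longLivedBranches.regex.
LONG_LIVED_REGEX = re.compile(r"(branch|release)-.*")


def branch_kind(branch: str) -> str:
    """Predict how the server will classify the branch: 'main', 'long' or 'short'."""
    if branch == MAIN_BRANCH:
        return "main"
    return "long" if LONG_LIVED_REGEX.fullmatch(branch) else "short"


def scanner_properties(branch: str) -> Dict[str, str]:
    """Analysis properties that keep every branch under one project key."""
    props = {"sonar.projectKey": PROJECT_KEY, "sonar.projectName": PROJECT_KEY}
    kind = branch_kind(branch)
    if kind == "main":
        return props  # main branch: no branch properties at all
    if branch.startswith("feature/") and kind != "short":
        # The new-issues quality gate only applies to short-lived branches, so
        # fail the CI job instead of silently creating a long-lived branch that
        # carries the full legacy issue list.
        raise ValueError(f"{branch} would be classified long-lived; adjust the regex")
    props["sonar.branch.name"] = branch
    props["sonar.branch.target"] = MAIN_BRANCH
    return props


def scanner_command(branch: str) -> str:
    """Shell-quoted sonar-scanner invocation for a CI step."""
    args = ["sonar-scanner"] + [f"-D{k}={v}" for k, v in scanner_properties(branch).items()]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    for name in ("develop", "feature/somefeature", "release-1.0"):
        print(f"{name:22} {branch_kind(name):5}  {scanner_command(name)}")
```

In a CI job the branch name comes from the CI environment (for example `git rev-parse --abbrev-ref HEAD`); with the properties above, `feature/somefeature` is analysed as a short-lived branch of `MyProject` against `develop`, and the branch dashboard shows only the issues that are not already on `develop`, which is the "2 new warnings" outcome the question describes.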