Configuration Checklist

  1. Verify your SonarQube™ server settings in global settings of Bitbucket

  2. Run SonarQube™ source code analysis for main branch

    1. Configure the source code analysis

    2. Analysis results must be visible in SonarQube™

  3. Configure corresponding SonarQube™ project in repo settings of Bitbucket

  4. Go to source code view and see the existing issues/stats

    1. You should see the SonarQube™ statistics and issue annotation

    2. Statistics and annotations are missing? Verify your Bitbucket repository configuration:

      1. Did you configure the correct analysis directory?

      2. Does the SonarQube™ project key match with the configuration in Bitbucket?


  5. Create a pull request with issues in the code.

  6. Run SonarQube™ source code analysis for source branch of your pull request.

  7. Go to the pull request view and check if the analysis results are visible. You should see a quality gate status overview, and issue annotations in the pull request diff.

    1. An error

      hints at a wrong analysis configuration or a wrong analysis directory setting

    2. No issue annotations:

      1. Verify that you can see the issues that should be shown in SonarQube™

      2. Do the issue annotations appear after clicking “Refreshing Sonar™ analysis” in the pull request overview? Then check your Webhook configuration


1. Sonar™ issue information not found

Problem: In the pull request, you get the following error:

Resolution: Verify that you have configured a webhook for the Include Code Quality for Bitbucket app under SonarQube™ → Administration → Configuration → Webhooks and that the last delivery status is OK (green). If it is red like in the following screenshot, check our Webhook troubleshooting guide:


2. Failed to get statistics: Component key not found

Problem: In the pull request, you get the following error:

Resolution: The app requires that you analyze the branch of your pull requests with SonarQube™. Check that you have a SonarQube™ project with that key:

If you are sure that there is a project in SonarQube™ with such a key in SonarQube™, check the selected SonarQube™ Edition in the server configuration:


3. No annotations for SonarQube™ issues within a pull request

Problem: No annotations for SonarQube™ issues are shown in a pull request, although you expect some:


a) The app only shows annotations with minimum issue severity (e.g. MAJOR) according to the repository settings option “Min. severity to show”. So if you cannot see annotations because all issues in your pull request are of severity MINOR, check this setting and update it accordingly.

b) Verify that you have configured a webhook in SonarQube™ for the Include Code Quality for Bitbucket app and that the last delivery status is OK (green). If it is red like in the following screen shot or if you don’t see a webhook entry for this app, check our Webhook troubleshooting guide:

c) For MySQL/MariaDB users: check that you use UTF-8 character set instead of latin1 or similar, otherwise you will not see annotations in your pull request and DataTruncationException in your Bitbucket server log.
To fix this, change the DB character set for the Bitbucket database tables to UTF-8 as described in the linked Atlassian ticket.

d) Check the SonarQube™ project mappings under the repository settings of the app. If the project mappings use an invalid module or analysis directory, the pull requests cannot get annotated correctly.

e) For older SonarQube™ versions, make sure to pass -Dsonar.analysis.scmRevision=COMMIT_ID with the commit SHA from your CI system to your analysis invocation.

4. Receiving the error message of “The ‘component’ parameter is missing”.



Problem: Receiving the error message of “The ‘component’ parameter is missing”.

Resolution: is caused by having an incompatible app version for their SonarQube™ version. They need to upgrade the app to the latest version, that should resolve the issue.

5. Webhook set up failed

Check if you have a webhook configuration in SonarQube™ Admin -> Configuration -> Webhooks with the name ch.mibex.bitbucket.sonar:

If there is no webhook configuration for Bitbucket, please check the Bitbucket Server log for any errors. Also, check that your network/firewall configurations allow communication between SonarQube™ and Bitbucket.

If you have a webhook configuration, you should see annotations in your pull requests, after a new analysis has been run.

If no annotations are shown, please check the webhook delivery status in SonarQube™ under SonarQube™ Admin -> Configuration -> Webhooks. If you see a 502 Server Unreachable error, then it could be either that

  • you are using localhost or a wildcard address for Bitbucket which is not supported because SonarQube™ does not allow these. Please use the real Bitbucket hostname instead.

  • you do not have a valid HTTPS certificate for Bitbucket configured in SonarQube™'s JVM, see this community article for more information.

  • you have invalid proxy settings that prevent SonarQube™ from connecting Bitbucket: check your -Dhttp.proxyHost and -Dhttp.nonProxyHosts JVM arguments

  • SonarQube™ can only reach Bitbucket on a different DNS entry (e.g. VPN) than the configured base URL in Bitbucket → Use manual webhook setup with the domain that can reach Bitbucket.


For SonarQube™ 7.7, please make sure to pass -Dsonar.analysis.scmRevision=COMMIT_ID to your SonarQube™ analysis. For newer SonarQube™ versions, this is not necessary anymore.


Two places to check the URL:

  1. On Bitbucket in Include Code Quality for Bitbucket server config:

    1. Ensure to properly set the Display URL in your Include Code Quality for Bitbucket Server Configuration, if it’s different then Application URL.

  2. On SonarQube™: make sure to set the Server base URL correctly on your SonarQube™ server:

    1. Log in to the SonarQube™ dashboard and click on the “Administration” tab.

    2. Browse to the “Configuration -> General settings -> General” menu.

    3. Under the “General” section, change the “Server base URL” to the correct server domain name.

    4. Save the changes.


7. Plugin unable to start


8. SSL certificate error: "PKIX path building failed"

Possible Causes:

  • SSL certificate for SonarQube™ is not in JVM of Bitbucket

  • JVM versions < 1.8.0_151 not properly recognizing the certificate authority

  • Using a self-signed certificate: Java does not trust the certificate and fails to connect to the application. You have to add that certificate to the trust store.

For more information, follow the advice on

9. Warning: No active SonarQube™ projects

If you get the warning No active SonarQube projects in your pull requests, then this is most likely due to the fact that none of the configured SonarQube™ projects in your repository settings match the file paths in the diff of the pull request.

To fix this:

  1. Go to Repository settingsSonar

  2. Check your configured projects under SonarQube Projects: the files in your pull request have to start with one of the configured module directory paths of your projects.
    if your pull request touches files under src/main/java/com/mycompany/ui, make sure you either have
    a) an empty module directory (if you have just one SonarQube™ project in a repository).
    b) a SonarQube™ project with module directory src/main/java that maps to the SonarQube™ project for that analysis directory (multiple SonarQube™ projects in repository) .

    The app shows issues & statistics of any SonarQube™ project that has a matching module directory. Note that an empty module directory always matches any path, so if you only have a single SonarQube™ project in your repository, just use an empty empty module directory .

  3. Add a SonarQube™ project or fix the existing ones.

  4. Go back to your pull request, and you should not get this warning anymore, but instead see the SonarQube™ statistics for the configured project(s).

For more information on how to configure SonarQube™ projects, visit our getting started guide:


SONAR™, SONARQUBE™ and SONARCLOUD™ are independent and trademarked products and services of SonarSource SA: see,,