Shift left for higher quality pull requests with Code Insights for Bitbucket Cloud

by thomas olivier|

Atlassian officially released its new feature Code Insights for Bitbucket Cloud as part of its DevOps launch. We are happy to announce that SonarCloud integrates fully with this new feature to provide a smoother Code Quality and Security experience! Bugs and Vulnerabilities detected by SonarCloud can now be reviewed directly within the Pull Request in Bitbucket Cloud.

More Code Insights for better code reviews

Let's start by looking at what Code Insights offers. Getting high-quality feedback early in your development process is critical, and the earlier you can detect Bugs or Vulnerabilities, the cheaper and faster it is to fix them. Code Insights brings this feedback to you directly in your Pull Requests. It enables developers to identify issues during the normal code review process, as part of the new Code Review Experience in Bitbucket Cloud. More specifically, you can now access reports on Vulnerabilities from third-party scanning, testing and analysis tools. You don’t need to switch context anymore to review your issues and decide when you have to act. Now that you know about Code Insights, let's talk about using it with SonarCloud.

Improved Code Quality and Security experience

As you may already know, SonarCloud helps developers to assess their code health and detect Bugs, Vulnerabilities, and Code Smells in their Bitbucket Cloud repositories. It provides insights on Code Quality AND Security at different stages: across your code repo, in each specific development branch,  and most importantly directly in Pull Requests. With Code Insights, SonarCloud can go a step further with Bitbucket Cloud’s integration, so that improving Code Quality and Security becomes an even smoother experience for developers.

View your issues in Bitbucket Cloud

SonarCloud’s Analysis report is accessible from the right sidebar, in the “Report” section. Once you click on the “SonarCloud Code Analysis” report, you get information about your Pull Request:

  • Numbers of Bugs, Vulnerabilities and Code Smells
  • List of issues with their severities, summaries, and locations
  • A link to SonarCloud’s explanation for each issue

When you need further information about an issue, click on the external link to access it in SonarCloud. You'll see where the issue is located in the context of your code and get a more detailed explanation of why it is an issue. Our rule description and remediation guidance will help you fix it. 

A new opportunity to shift left

Code Insights with SonarCloud gives you a new opportunity to shift left, by dealing with code issues early in your development cycle. Try it in your next Pull Request and let us know how that works for you! Please share your feedback on http://community.sonarsource.com.