mc1arke/sonarqube-community-branch-plugin
Java LGPL-3.0 DevOps Single maintainer risk unsupported-by-vendorA plugin that allows branch analysis and pull request decoration in the Community version of Sonarqube
2.8k
Stars
592
Forks
13
Open issues
30
Contributors
AI Analysis
This plugin extends SonarQube Community Edition to enable branch analysis and pull request decoration, features otherwise restricted to commercial editions. It is specifically designed for organizations using SonarQube Community who need multi-branch CI/CD integration without commercial licensing; it is not for users of commercial SonarQube editions or those seeking official vendor support.
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
Community-maintained SonarQube plugin backports branch and PR analysis to free tier
A Java plugin that replicates SonarQube's commercial branch and pull request analysis features in the Community Edition. Built and maintained by the community (not SonarSource) to fill a gap for teams using free SonarQube who need multi-branch CI/CD integration. Adoption appears concentrated among cost-conscious organizations already committed to SonarQube but not licensed for Developer/Enterprise tiers. Actively maintained with regular compatibility updates matching upstream SonarQube releases.
Created March 2019 as a response to SonarSource's decision to restrict branch and PR features to commercial editions. Has evolved through multiple SonarQube major versions, with the maintainer (mc1arke) releasing version-matched plugin releases (e.g., 25.4.0 for SonarQube 25.4.x). Maintains official Docker images and Kubernetes Helm integrations.
Star growth has been steady but modest (2,791 stars, 10 gained in last 7 days as of 2026-06-29). Fork-to-star ratio (592:2791 ≈ 21%) suggests active deployment rather than casual observation. Last commit June 29, 2026 indicates continuous maintenance. Growth likely driven by: (1) SonarQube adoption in cost-sensitive environments, (2) CI/CD teams needing branch tracking without commercial licenses, (3) Docker/Kubernetes ecosystem integration. Not exponential, but consistent with a niche utility project serving a defined problem.
Adoption not verified through public metrics. Evidence suggests real-world use via: (1) 592 forks (higher than typical for academic/hobby projects), (2) Maintained Docker Hub registry with versioned images, (3) Kubernetes Helm integration instructions, (4) CI/CD configuration examples in README. However, no public customer list, corporate adoption statements, or large-scale deployment announcements. GitHub issues/discussions likely contain deployment evidence, but not visible in README.
Based on README, uses Java agents (javaagent instrumentation) to intercept and modify SonarQube's web and compute engine (CE) behavior. Appears to replace webapp contents via ZIP override and inject branch/PR logic at runtime. Likely implements class bytecode transformation to hook into SonarQube internals. Implementation details not accessible from README alone, but javaagent approach suggests deep integration points vulnerable to upstream changes.
Not documented in README. CI/CD badge present (GitHub Actions build status shown), but test execution and coverage metrics not disclosed.
Last push 2026-06-29 (8 days before analysis date) indicates active maintenance. Version compatibility explicitly tied to upstream SonarQube releases (25.4 plugin for 25.4.x SonarQube). Release page referenced as primary source of truth. This is reactive, version-following maintenance rather than feature-driven development — appropriate for a plugin ecosystem dependency.
ADOPT IF: you are running SonarQube Community Edition and cannot justify commercial licensing, your team uses Git branches heavily in CI/CD, you are comfortable with unsupported third-party runtime instrumentation, and you have verified the version compatibility with your SonarQube release. AVOID IF: you require SonarSource vendor support, you plan to migrate to a commercial SonarQube edition, you need high-risk data continuity assurance, or your organization has policies against javaagent bytecode manipulation in production. MONITOR IF: you are evaluating SonarQube cost/benefit and considering whether commercial branch features justify the upgrade, or you are concerned about long-term plugin maintainability as SonarQube internals evolve.
Independent dimensions
Mainstream potential
2/10
Technical importance
6/10
Adoption evidence
5/10
- Javaagent instrumentation creates tight coupling to SonarQube internal APIs; no forward compatibility guarantees if SonarSource refactors web or CE layers, potentially breaking the plugin mid-SonarQube upgrade cycle.
- README explicitly warns of data loss risk when migrating from Community Edition + plugin to commercial editions; users must understand this is not a safe stepping stone.
- Maintenance burden falls on single maintainer (mc1arke); project appears stable but has no organizational backing; future availability or response time to SonarQube breaking changes not guaranteed.
- Official SonarSource channels discourage or close support requests for this plugin; users have no upstream escalation path for production issues.
- Webapp ZIP replacement step (step 4 in installation) is manual and error-prone; inconsistent application could lead to silent feature degradation or inconsistent behavior.
Likely to remain a stable, niche utility for cost-conscious SonarQube Community deployments through 2027–2028. As SonarQube licensing becomes more prevalent in enterprises and free tiers are evaluated less frequently, adoption may plateau or decline. Risk of sudden breakage if SonarSource makes major architectural changes to web/CE layer, but reactive maintenance pattern suggests the maintainer will issue compatibility patches. Not headed toward mainstream adoption or commercial viability; success is defined by reliable compatibility patches, not feature growth.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Language
- Java
- License
- LGPL-3.0
- Last updated
- 2w ago
- Created
- 89mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
ETA for plugin version 26.7 ?
ETA for Sonarqube Community 26.6?
Summary is never deleted
GitHub Actions auto-configuration treats Forgejo pull_request refs as branch analysis
"Version no longer active" warning still displayed after upgrading to Community Build 26.5.0
Top contributors
Recent releases
Similar repos
SonarOpenCommunity/sonar-cxx
This is a SonarQube plugin that adds C++ language support to SonarQube,...
zinja-coder/jadx-ai-mcp
JADX-AI-MCP is a specialized MCP (Model Context Protocol) server and JADX...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
2.8k | +7 | Java | 7/10 | 2w ago |
|
|
1.1k | — | Java | 7/10 | 20h ago |
|
|
1.2k | — | Java | 8/10 | 21h ago |
|
|
10.8k | — | Java | 8/10 | 16h ago |
|
|
2.5k | — | Java | 7/10 | 1mo ago |
|
|
22.9k | — | TypeScript | 8/10 | 9h ago |
Official branch/PR support; vendor-backed; no javaagent instrumentation; no data loss risk on migration; licensing cost required. This plugin is a workaround, not a replacement.
Adds portfolio management and advanced security features; SonarSource official support. Plugin addresses only branch/PR subset of commercial capabilities.
Cloud-hosted analysis; no self-hosted infrastructure; per-repo or organization pricing. Different deployment model, not direct plugin competition.
Integrated analysis without SonarQube; requires platform switch. Orthogonal to this plugin's niche.
Native branch/PR analysis in GitHub; SonarQube integration via actions. This plugin only relevant for self-hosted SonarQube users.