Ability to analyze only changed code, not full files


(Sergey Zhur) #1

In my project I have a main branch with some issues detected by Sonar, and other branches that we analyze separately. We tried to make Sonar search for issues only in changed lines in other branches, but, as I understand, there is no such ability for now.
I believe it would be nice to have such a feature.

(Nicolas Harraudeau) #3

Hi @SergeyZ,

Thank you for your suggestion.
This is actually something we are thinking about. It is part of our effort to make the analysis run faster. However, it still needs some investigation and I can’t give you any estimation of time, nor can I assure you that it will be done.

Doing it is quite complex, as we often need to access files which have not been modified. For example, when you run a taint-analysis engine, as we do when we search for injection vulnerabilities (e.g. Rule S3649), we need to access the whole program.
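
The cross-file dependency described in the reply above, as an added example that is not part of the original thread and is not SonarSource's engine: a toy taint tracker run over a constructed two-file program, where the user-input source sits in a changed file and the query sink in an unchanged one. All file names, function names and the statement format are hypothetical.

```python
# Constructed program: file -> function -> list of statements.
#   ("source", v)      v receives user input
#   ("param", v)       v is the function's parameter
#   ("assign", d, s)   d = s
#   ("call", f, v)     call f(v)
#   ("sink", v)        v is concatenated into a database query
PROGRAM = {
    "controller.py": {  # changed on the branch
        "handle_request": [("source", "name"), ("call", "find_user", "name")],
    },
    "repository.py": {  # unchanged since main
        "find_user": [("param", "username"),
                      ("assign", "query", "username"),
                      ("sink", "query")],
    },
}

def find_flows(program, visible_files):
    """Return (entry function, sink function, sink file) for every tainted
    flow found using only the function bodies in visible_files."""
    funcs = {name: (path, body)
             for path in visible_files
             for name, body in program[path].items()}
    findings = []

    def walk(name, tainted_param, entry, seen):
        if name not in funcs or name in seen:
            return  # callee body not visible (or recursion): the flow is lost
        path, body = funcs[name]
        tainted = set()
        for stmt in body:
            op = stmt[0]
            if op == "source" or (op == "param" and tainted_param):
                tainted.add(stmt[1])
            elif op == "assign" and stmt[2] in tainted:
                tainted.add(stmt[1])
            elif op == "call" and stmt[2] in tainted:
                walk(stmt[1], True, entry, seen | {name})
            elif op == "sink" and stmt[1] in tainted:
                findings.append((entry, name, path))

    for name in funcs:
        walk(name, False, name, frozenset())
    return findings

CHANGED_ONLY = find_flows(PROGRAM, ["controller.py"])
WHOLE_PROGRAM = find_flows(PROGRAM, list(PROGRAM))
```

In this constructed case the only flow is reported at a sink inside the unchanged file, so it is visible to the whole-program run and invisible when the tracker is given the changed file alone.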