Azure DevOps Pull Request Decoration is adding Comments on Files not involved in the Merge

SonarQube 8.8
C# Scanner
Azure DevOps Pull Request Decoration

I have Sonar Pull Request Decoration for Azure DevOps. Until recently, it only added comments of Code Smells on files that were changed in the Pull Request. In the past few days, it started marking up pull requests with unrelated changes. What can I do to prevent this situation?


SonarQube 8.9.2
C++ Scanner
Azure DevOps Pull Request Decoration

Same issue here.
On each pull request, Sonar decorates all files modified since the last full scan, even if the file is not involved in the pull request.
If the full scan runs between two pull requests, there is no issue. It’s a major drawback because a full scan takes a while and can’t be run after each merge.

Hi @matthieug, and first of all welcome to the SonarSource Community!

This is likely to be the source of the problem. You don’t automate analysis of the target branch?

@dschwartz, as the original poster here, can you elaborate on whether your situation is like @matthieug’s?

Hi @Jeff_Zapotoczny
Yes, our Azure DevOps runs analysis automatically after any merge. But if you have two pull requests or more at the same time, you can have an issue. Example:

  • Analysis run on target branch (develop)
  • PR1 and PR2 are created
  • PR1 is analysed before merge (no issue)
  • PR1 is merged
  • PR2 is analysed => issue: the analysis contains results from PR1 and PR2 because the full analysis has not run yet.

Hope it helps

Hi @matthieug,

If git is being used and the target branch of the pull request is available (fetched in the local repository), the scanner should use git to determine what was changed in the pull request. In that scenario the files showing up in SonarQube should match exactly what you see in your devops platform.

Are you using git in the CI agent running the scan? Could you please post the logs of the scanner with debug enabled?

Hi @dmeneses ,

Yes, our pipeline uses Git from the Azure DevOps Agent.
Please find attached the Sonar logs:
log-sonar.txt (2.6 MB)

If it’s still relevant, I think the problem you experienced was due to this:

WARN: Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.

The scanner needs to have access to the git history of the project to be able to build a diff between branches. Please change the way you clone the git repository. This will also affect other features in SonarQube, such as auto assignment of issues.
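
A pre-scan guard for the situation diagnosed above, as an added example that is not part of the original thread or SonarQube's own tooling: it detects a shallow checkout, converts it with `git fetch --unshallow`, and confirms the pull request's target branch is fetched so a merge base exists. The function names, the `origin/<branch>` ref layout and the constructed demo repository are assumptions.

```shell
# Added example; function names and the origin/<branch> ref layout are assumptions.

# Succeeds when the checkout in $1 is a shallow clone.
is_shallow() {
  [ "$(git -C "$1" rev-parse --is-shallow-repository)" = "true" ]
}

# Succeeds only when HEAD can be diffed against target branch $2: full
# history is present, the target ref is fetched, and a merge base exists.
pr_diff_ready() {
  local repo="$1" target="$2"
  if is_shallow "$repo"; then
    echo "shallow clone: history is truncated" >&2; return 1
  fi
  if ! git -C "$repo" rev-parse --verify --quiet "refs/remotes/origin/$target" >/dev/null; then
    echo "origin/$target is not fetched" >&2; return 1
  fi
  git -C "$repo" merge-base HEAD "refs/remotes/origin/$target" >/dev/null
}

# Run before the scanner: unshallow if needed, fetch the target, re-check.
prepare_for_scan() {
  local repo="$1" target="$2"
  if is_shallow "$repo"; then
    git -C "$repo" fetch --quiet --unshallow origin || return 1
  fi
  git -C "$repo" fetch --quiet origin \
    "+refs/heads/$target:refs/remotes/origin/$target" || return 1
  pr_diff_ready "$repo" "$target"
}

# Constructed sample data: an origin with branches develop and pr, plus a
# --depth 1 checkout of pr at $1/work, as a CI agent might produce.
make_demo_checkout() {
  local root="$1"
  local g="git -C $root/origin -c user.name=demo -c user.email=demo@example.invalid"
  g="$g -c commit.gpgsign=false"
  git init --quiet "$root/origin"
  git -C "$root/origin" symbolic-ref HEAD refs/heads/develop
  $g commit --quiet --allow-empty -m "base 1"
  $g commit --quiet --allow-empty -m "base 2"
  $g checkout --quiet -b pr
  $g commit --quiet --allow-empty -m "pr change"
  git clone --quiet --depth 1 --branch pr "file://$root/origin" "$root/work"
}
```

A `--depth 1` clone is also single-branch, so unshallowing alone leaves the target branch unfetched; that is why `prepare_for_scan` fetches it explicitly.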


@dmeneses git fetch without shallow fixes the issue for me.

Thank you.
