Bitbucket SonarQube PR checks not detecting errors in new lines of code

Must-share information (formatted with Markdown):

  • SonarQube Developer Edition Version 10.3 (build 82913)
  • How is SonarQube deployed: zip
  • What are you trying to achieve: Scan Bitbucket PRs
  • What have you tried so far to achieve this: Enable the Sonar Quality Checks in BitBucket

We have SonarQube Development and BitBucket running on premise. We installed the SonarQube integration and enabled it for PR Review. We see many errors in new lines which are not detected during the PR build and are only detected after the Merge. Example:

New code was introduced on this PR

The scan said everything was green:

But after the merge comes the surprise:

What should we do so that errors on new lines are detected during the PR Review?

Thanks

Hey there.

This tells me that maybe your New Code wasn’t detected during the PR analysis.

You’ve shown a screenshot of Bitbucket – but could you take a screenshot of the Pull Request analysis in SonarQube? It shouldn’t have been swept up by housekeeping yet. Is there any code in the Code tab? Any analysis warnings in the upper right?

Here it goes:

Your screenshot shows the last analysis had warnings. What are they?

SonarScanner will require Java 17 to run, starting in SonarQube 10.4. Please upgrade the version of Java that executes the scanner and refer to the documentation if needed.

The property ‘sonar.login’ is deprecated and will be removed in the future. Please use the ‘sonar.token’ property instead when passing a token.

Could not find ref ‘develop’ in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin. You may see unexpected issues and changes. Please make sure to fetch this ref before pull request analysis and refer to the documentation.

Using Node.js version 14 to execute analysis is deprecated and will stop being supported no earlier than May 1st, 2023. Please upgrade to a newer LTS version of Node.js [18, 20]

Here is the issue.

What environment is your analysis configured in (Jenkins, Azure DevOps, Bitbucket Pipelines, Bamboo, etc…) – and in that environment, have you made sure shallow clones are disabled?

Hi Colin,

We use Bitbucket for the PRs and Bamboo for the build.

Thanks

I think “shallow” clones are the default in Bamboo, and I’d refer to some Atlassian documentation on Bamboo/Git to figure out how to disable them.
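
The check discussed in the replies above, as an added example that is not part of the original thread or of Sonar's or Atlassian's documentation: a POSIX shell pre-flight for the build checkout that looks for the PR target branch in the same ref namespaces the warning names, reports whether the clone is shallow, and can fetch the missing ref. The function names and return codes are assumptions made for this example; `develop` is the target branch from the warning.

```shell
# Added example, not from the thread. Function names and return codes are
# assumptions made for this illustration.
# pr_ref_check <repo_dir> <target_branch>
#   0 = target ref found and shares history with HEAD
#   1 = target ref missing from every namespace the scanner warning lists
#   2 = target ref found, but the clone holds no merge base with HEAD
pr_ref_check() {
    prc_repo=$1
    prc_target=$2
    prc_found=""
    # Same lookup locations as in the "Could not find ref" warning.
    for prc_ns in refs/heads refs/remotes refs/remotes/upstream refs/remotes/origin; do
        if git -C "$prc_repo" show-ref --verify --quiet "$prc_ns/$prc_target"; then
            prc_found="$prc_ns/$prc_target"
            break
        fi
    done
    echo "shallow clone: $(git -C "$prc_repo" rev-parse --is-shallow-repository)"
    if [ -z "$prc_found" ]; then
        echo "MISSING: no ref for '$prc_target'; the PR has nothing to be compared against"
        return 1
    fi
    if ! git -C "$prc_repo" merge-base HEAD "$prc_found" >/dev/null 2>&1; then
        echo "TRUNCATED: $prc_found exists but has no common ancestor with HEAD here"
        return 2
    fi
    echo "OK: $prc_found resolves and has a merge base with HEAD"
    return 0
}

# fetch_target_ref <repo_dir> <target_branch> [remote]
# Fetches only the target branch; lifts the shallow boundary when there is one.
fetch_target_ref() {
    ftr_repo=$1
    ftr_target=$2
    ftr_remote=${3:-origin}
    ftr_spec="+refs/heads/$ftr_target:refs/remotes/$ftr_remote/$ftr_target"
    if [ "$(git -C "$ftr_repo" rev-parse --is-shallow-repository)" = "true" ]; then
        git -C "$ftr_repo" fetch --quiet --unshallow "$ftr_remote" "$ftr_spec"
    else
        git -C "$ftr_repo" fetch --quiet "$ftr_remote" "$ftr_spec"
    fi
}
```

Run as a build step before the scanner, `pr_ref_check . develop` puts the missing-ref condition in the build log instead of leaving it as an analysis warning.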

Hi Colin,

Thanks for the investigation. The problem with disabling shallow clones is that it might add considerable overhead to our builds. How come the Sonar PR view shows that there are new lines but the analysis cannot identify them?