Branch analysis reports issues manually resolved in master

Summary
After manually resolving issues on master (“Won’t fix” or “False positive”), the issues are still reported in branch analysis.

Versions

  • SonarQube Enterprise Edition Version 7.5 (build 20543)
  • sonar-maven-plugin version 3.7.0.1746
  • gitlab-ci, image maven:3-jdk-8

I’m not really sure how to check the sonar-maven-plugin version, but we use the latest (mvn sonar:sonar), and 3.7.0.1746 is the latest at the time of writing, at least.

Initial code:

public class ReproduceSqBug {
  private static final String somethingWithTheWordPasswordInIt = "asdlkj";
}

Code after change:

public class ReproduceSqBug {
  private static final String somethingWithTheWordPasswordInIt = "asdlkj";

  private void unrelatedChangeToSeeIfBranchAnalysisReportsTheNowResolvedIssuesInThisFile() {}
}

Steps to reproduce

  1. Push the initial code to master
  2. Four issues are reported (one vuln and three code smells)
  3. Resolve issues manually as “Won’t fix” or “False positive”
  4. Branch off master
  5. Push “code after change” to the branch
  6. Issues are reported on branch analysis

I resolved the vulnerability and one of the code smells as “False positive”, in case there was a difference between issue types. Furthermore, I resolved one code smell as “Won’t fix” and confirmed the last one. The confirmed one didn’t show up in branch analysis, but all the resolved ones did:


Hello @e.lislebo,

Could you quickly give the same a try on SQ 7.9.2 LTS or the latest 8.1 (as you prefer)? 7.5 was an intermediate (now quite old) version. I’m not sure what could be the problem, as the scenario seems pretty standard, but I tried it myself on 7.9.2 and it works fine (issues are not reopened).

Hi Antoine,

Thanks, I’ll see about getting our SQ server upgraded and come back to this when that’s done.

Cheers,
Even