We upgraded SonarQube 7.9 LTS to 8.9 LTS to 9.9 LTS.
So I have the below query:
Could a new rule introduced in SonarQube 9.9 be responsible for detecting new bugs and code smells in the same codebase?
If an issue was marked as a ‘false positive’ in a previous version of SonarQube, is it automatically reopened after analyzing the same codebase in an upgraded version of SonarQube?
Yes – particularly if you’re using a built-in Quality Profile that is automatically updated when your SonarQube instance is upgraded. In good news, these issues should get backdated so as not to pollute your New Code Period.
Typically, no. An issue marked as false-positive will remain marked as such after a SonarQube upgrade.
There are some rare exceptions – such as in advanced vulnerability detection, where the “flow” of the issue might change as the rule got smarter. The issue will be reopened with the comment
Automatically reopened because the vulnerability flow changed.
And this makes sense, as the vulnerability needs to be re-reviewed.
Make sure you take the final leap, either to 2025.1 (if you use a commercial edition of SonarQube) or to 25.4 (if you use the Community Edition/Build).
I am using a custom Quality Profile in my project, which was created in an earlier version of SonarQube using the ‘Copy an existing quality profile’ option.
After upgrading SonarQube, I noticed an increase in the number of bugs and code smells — all of which appear to be backdated.
Currently, there are 8 deprecated rules that are still active in the Quality Profile.
Please suggest: could these deprecated rules be responsible for the increase in bugs and code smells after the upgrade?
There isn’t a specific reason to believe that the deprecated rules would cause the numbers to increase. However, as rules are updated and improved over time, they can sometimes identify issues that may have been previously overlooked (false negatives). This ongoing refinement helps ensure we’re catching as many relevant issues as possible, even if that means the raw number of issues goes up after an upgrade!
Is it correct to assume that after upgrading SonarQube, the number of bugs and code smells may increase due to newly introduced rules, regardless of whether a built-in or custom quality profile is used?
How can we identify which rules were newly applied after an upgrade?
If you’re using a custom quality profile (not inheriting from a built-in QP), it won’t be because of new rules. But it could still change (yes, increase) if the rules got smarter and catch more issues than before.
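One practical way to check which rules were newly activated in a profile after the upgrade is to read the quality profile's changelog. The script below is an added example for this thread, not code from Sonar or from any of the posters. It assumes the SonarQube Web API endpoint `api/qualityprofiles/changelog` with the parameters `language`, `qualityProfile`, `since` and `ps`, an `events` array whose entries carry `date`, `action` (`ACTIVATED`, `DEACTIVATED`, `UPDATED`), `ruleKey` and `ruleName`, and a date format like `2024-11-20T09:12:33+0100`; verify these against your instance's API documentation (`/web_api`). The sample events and rule keys are constructed for illustration.

```python
"""List rules newly activated in a SonarQube quality profile since a given date.

Assumptions (not taken from the thread): endpoint path, parameter names,
the changelog JSON layout and the action values are those of the
api/qualityprofiles/changelog Web API as understood by the author of this example.
"""
from datetime import date, datetime
from urllib.parse import urlencode

CHANGELOG_PATH = "api/qualityprofiles/changelog"  # assumed endpoint


def build_changelog_url(base_url, language, profile_name, since, page_size=500):
    """Build the GET URL for the changelog (parameter names are assumptions)."""
    query = urlencode({
        "language": language,
        "qualityProfile": profile_name,
        "since": since,        # YYYY-MM-DD: e.g. the day the upgrade was performed
        "ps": page_size,
    })
    return f"{base_url.rstrip('/')}/{CHANGELOG_PATH}?{query}"


def parse_event_datetime(value):
    """Parse the changelog timestamp (assumed format: 2024-11-20T09:12:33+0100)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")


def rules_activated_since(events, since):
    """Return {ruleKey: ruleName} for rules that are activated on/after `since`
    and were not deactivated again later. UPDATED events (changed params or
    severity on an already-active rule) are ignored: they do not add rules."""
    cutoff = date.fromisoformat(since)
    # The API returns newest first; replay oldest-first so later deactivations win.
    ordered = sorted(events, key=lambda ev: parse_event_datetime(ev["date"]))
    activated = {}
    for ev in ordered:
        if parse_event_datetime(ev["date"]).date() < cutoff:
            continue
        action = ev.get("action")
        if action == "ACTIVATED":
            activated[ev["ruleKey"]] = ev.get("ruleName", "")
        elif action == "DEACTIVATED":
            activated.pop(ev["ruleKey"], None)
    return dict(sorted(activated.items()))


# Constructed sample changelog events (newest first, as the API would return them).
SAMPLE_EVENTS = [
    {"date": "2024-11-21T14:05:00+0100", "action": "DEACTIVATED",
     "ruleKey": "java:EXAMPLE2", "ruleName": "Example rule two"},
    {"date": "2024-11-21T10:00:00+0100", "action": "ACTIVATED",
     "ruleKey": "java:EXAMPLE2", "ruleName": "Example rule two"},
    {"date": "2024-11-20T09:12:33+0100", "action": "ACTIVATED",
     "ruleKey": "java:EXAMPLE1", "ruleName": "Example rule one"},
    {"date": "2024-11-20T09:12:33+0100", "action": "UPDATED",
     "ruleKey": "java:EXAMPLE3", "ruleName": "Example rule three",
     "params": {"severity": "MAJOR"}},
    {"date": "2023-05-01T08:00:00+0200", "action": "ACTIVATED",
     "ruleKey": "java:OLDRULE", "ruleName": "Activated long before the upgrade"},
]

if __name__ == "__main__":
    print(build_changelog_url("https://sonar.example.invalid", "java",
                              "Custom Java", "2024-11-19"))
    for key, name in rules_activated_since(SAMPLE_EVENTS, "2024-11-19").items():
        print(f"{key}\t{name}")
```

Run it against a live instance by fetching the URL from `build_changelog_url` with a user token and feeding the `events` array to `rules_activated_since`. For a custom profile that does not inherit from a built-in one, an empty result after the upgrade is the expected outcome, consistent with the reply above: the issue count then grew because existing rules became more precise, not because new rules were activated.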