Comments on files that are not in the Pull Request

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    9.0.1.46107
  • what are you trying to achieve

Let’s say I create a /release1 branch from /master. When the developer is working on a User Story, say story 12345, they will create a branch /st_12345 from /release1.

When the developer is ready, they submit a Pull Request to merge /st_12345 into /release1.

What is the New Code setting I need to use so that SonarQube will only scan the code changed in /st_12345 when compared to the code in /release1?

Currently, when the scan runs and the Pull Request is decorated with comments, I am getting issues raised for code that is not in the Pull Request for /st_12345.

Hi,

Can you give an example of what you’re seeing?

Ann

An example is below; this file was never part of the Pull Request. The PR only contained changes to .cs and .sql files.

When I click the link “View the comment in its original context” I get the following message in Azure DevOps:

Could not find file or folder “/somehigherlevelfolder/ClientApps/projects/mocks/helpers.ts”. Select a file or folder from the tree.

Hi,

Thanks for the example. I’m out of my depth now, but I’ve flagged this thread for more expert attention. Hopefully they’ll have what they need now to get started.

Ann

Hi @careywalker,

I have a couple of questions to try to clarify your use case.

  • From the image you shared with us, it seems that you’re using TFS as a code repository, am I correct?
  • Do you know what source code manager is used under the hood? Git? TFVC?
  • Can you confirm that unexpected issues reported in the PR are also reported in the PR page on the SonarQube side? You can browse the code tab of your Project in SonarQube. If those files are present it means they are considered as new code.

Cheers

Hi @Philippe_Perrin

Question #1: We are using Azure Repos in Azure DevOps Server 2020
Question #2: Git
Question #3: Yes, the same comment is present in the PR page in SonarQube

I’m not sure which New Code configuration I am supposed to use to prevent this from happening.

I have another example where there are 18 code smells raised against the PR but none of the code smells were for the file in the PR.

> I’m not sure which New Code configuration I am supposed to use

Well that’s an interesting question. Could you tell me what your current configuration is for this project? (Project Settings → New Code)

This is what I have configured:

Thanks a lot.

Could you please share what those 2 warnings are about?

Hi, here are the details of the 2 warnings:

[image]

I suspect this is the root cause of your issue. Scanner PR analysis highly relies on Git and its history. The first thing you need to do is to fix those warnings.

Please come back to us to let us know if it solves your issue.

Cheers

Hi @Philippe_Perrin thanks, I’ll look into those warnings and see how to resolve them and see if that helps.

Is the New Code setting correct for what I am trying to achieve?

> Is the New Code setting correct for what I am trying to achieve?

I clarified this internally: the new code settings only apply to branch analysis, not to PR analysis. So … yes :smiley:
