Hi, everyone:
I just found out an abnormal behaviour I could reproduce but I cannot explain.
Whenever I run a second analysis over a branch on a project whose new code period is set to reference branch, commit info dissapears on the SonarQube UI (on an Enterprise Edition)
This is the way to reproduce the behaviour. I used NodeGoat project for demo purposes:
https://github.com/OWASP/NodeGoat.
In my case, I have forked the project here in order to not disturb the original repo: https://github.com/mariotepro/NodeGoat. You could use it if you will
- Clone the repo: git clone https://github.com/mariotepro/NodeGoat.git
- git checkout develop
- run an analisis of the develop branch
- go to SonarQube and set new code to reference branch (develop)
- git checkout the branch. In our case, git checkout test/new_code
- run an analisis of the test/new_code branch.
I have modified app/data/profile-dao.js in order to add a line of code:
const password = ‘1234567234523test’
You will see this in SonarQube, and that’s fine:
As you see, commit info is on SonarQube, as well as the issue is raised. Everything ok.
- run another analysis of the test/new_code branch
And there you are.
Commit info has disappeared. The issue is still there and is correct, as well as the issue date but blaming info has dissapeared:
I found this in one of our customers and then tried to reproduce it. They have a daily pipeline and commits occurs every two to three days, so if you look at the code in SonarQube the second or the third day, this will show up.
I have tried this on several projects and instances. If you introduce some more commits, and therefore, some more lines, or separated blocks, none of the commit info inside your branch is displayed.
I have reproduced it in:
SonarQube 9.9.4 LTA, SonarQube 10.5, both Enterprise Edition (have not a Developer or Data Center to play with) with SonarScanners 4.6, 4.8 and 5.0.1
Am I maybe doing smth wrong?
I can provide more info if necessary.
