Constant pass/fail after using auto scanning

I am a maintainer on the GitHub project https://github.com/odpi/egeria

Sonar is set up at https://sonarcloud.io/project/activity?id=odpi_egeria

Our project has a set of issues that need to be fixed - currently according to the sonar way we are in red status.

It is set up for auto-scanning and I can see we are having:

  • scan against master of the whole code ( QualityProfile: Use ‘Sonar way’ (Java) ) - red
  • scans against each PR (QualityProfile: Use ‘Sonar way’ (HTML), QualityProfile: Use ‘Sonar way’ (CSS), QualityProfile: Use ‘Sonar way’ (JavaScript)) - green

On the activity tab the graph is constantly going between near 0 ( PRs ), and many (master) which isn’t that useful.

Have we set something up wrong?
Why do the profiles differ?
Wouldn’t I expect to see the graph just represent the full scans?

I realise it’s a beta, so if it’s the way it is that’s fine – I just wanted to check we hadn’t done anything wrong, and if so where to check.

Thanks
(xref: https://github.com/odpi/ci-management/issues/122 )

Additional info

  • We also have a time-scheduled Sonar scan run which uses SonarCloud. So is this confusing the results?
  • Do we only do one or the other?
  • If so how do we handle coverage analysis and/or uploading of pmd/spotbugs without causing the above behaviour?

Exactly! You have two analyses pushing to the same project on SonarCloud, and these analyses are configured and work very differently. The AutoScan analysis can only analyze the code of non-compiled languages, and by default it considers all your files as sources. It looks like it found HTML, CSS, and JavaScript files in your project, and it analyzed those. The other analysis you had scheduled (looks like a Maven one) configures the analysis based on your Maven configuration, has full access to the compiled Java code, and doesn’t find the HTML, CSS, … files because they are not declared through Maven.

Yes, it’s one or the other, not both.

Currently AutoScan is not able to support importing coverage analysis reports, simply because these are usually generated during the test run, and AutoScan doesn’t run anything else other than the sonar-scanner itself. This use case is definitely on our radars.

Since we don’t expect to be able to handle Java code with AutoScan in the near future, I think it’s better for you to run the analysis yourself, using Maven.