Disabling the incremental analysis mechanisms

SonarQube Developer version: 2025.2
SonarScanner for MSBuild 9.0.2
k8s helm installation eks 1.31
Language: C#

Hello,
We want to disable caching and ensure that a full branch scan is always performed, as pull request analysis is not currently implemented in our setup. We’re using Jenkins to trigger the analysis runs, but occasionally the analyzer incorrectly identifies a run as a PR incremental scan, which results in inaccurate data being sent to SonarQube.

According to the documentation (SonarSource Docs - Disabling or Changing Incremental Analysis), we’ve applied the relevant parameter to disable incremental analysis. However, it appears the setting is being ignored.

sonar.analysisCache.enabled=false

scanner log:

[2025-05-21T15:07:43.163Z] + pwd
[2025-05-21T15:07:43.163Z] + CURRENT_PATH=/home/jenkins/agent/workspace/xxxxx
[2025-05-21T15:07:43.163Z] + dotnet sonarscanner begin /k:Core /d:sonar.branch.name=master /d:sonar.scanner.scanAll=false /v:xxxxx /d:sonar.analysisCache.enabled=false /d:sonar.inclusions=**/*.cs /d:sonar.coverage.exclusions=**/*
[2025-05-21T15:07:43.163Z] SonarScanner for MSBuild 9.0.2
[2025-05-21T15:07:43.163Z] Using the .NET Core version of the Scanner for MSBuild
[2025-05-21T15:07:43.420Z] Pre-processing started.
[2025-05-21T15:07:43.420Z] Preparing working directories...
[2025-05-21T15:07:43.420Z] 15:07:43.207  Updating build integration targets...
[2025-05-21T15:07:43.676Z] 15:07:43.429  Using SonarQube v2025.2.0.105476.
[2025-05-21T15:07:43.677Z] 15:07:43.567  The JRE provisioning is a time consuming operation.
[2025-05-21T15:07:43.677Z] JRE provisioned: OpenJDK17U-jre_aarch64_linux_hotspot_17.0.13_11.tar.gz.
[2025-05-21T15:07:43.677Z] If you already have a compatible java version installed, please add either the parameter "/d:sonar.scanner.skipJreProvisioning=true" or "/d:sonar.scanner.javaExePath=<PATH>".
[2025-05-21T15:07:45.570Z] 15:07:45.046  Fetching analysis configuration settings...
[2025-05-21T15:07:45.570Z] 15:07:45.414  Provisioning analyzer assemblies for cs...
[2025-05-21T15:07:45.570Z] 15:07:45.415  Installing required Roslyn analyzers...
[2025-05-21T15:07:45.570Z] 15:07:45.415  Processing plugin: csharpenterprise version 10.7.0.110445
[2025-05-21T15:07:45.570Z] 15:07:45.465  Processing plugin: vbnetenterprise version 10.7.0.110445
[2025-05-21T15:07:45.570Z] 15:07:45.49  Processing plugin: securitycsharpfrontend version 11.1.0.35630
[2025-05-21T15:07:45.825Z] 15:07:45.626  Provisioning analyzer assemblies for vbnet...
[2025-05-21T15:07:45.825Z] 15:07:45.626  Installing required Roslyn analyzers...
[2025-05-21T15:07:45.825Z] 15:07:45.626  Processing plugin: csharpenterprise version 10.7.0.110445
[2025-05-21T15:07:45.825Z] 15:07:45.626  Processing plugin: vbnetenterprise version 10.7.0.110445
[2025-05-21T15:07:45.825Z] 15:07:45.631  Incremental PR analysis: Automatically detected base branch 'master' from CI Provider 'Jenkins'.
[2025-05-21T15:07:45.825Z] 15:07:45.631  Downloading cache. Project key: Core, branch: master.
[2025-05-21T15:07:45.825Z] 15:07:45.777  Incremental PR analysis: 2583 files out of 2593 are unchanged.
[2025-05-21T15:07:45.825Z] 15:07:45.801  Pre-processing succeeded.

The above causes sonarqube issues tracking impossible for new analysis:

image903×388 26.1 KB

Hey there.

Until SCAN4NET-184 is implemented, the Scanner for .NET is not aware of sonar.analysisCache.enabled.

The cache should only attempt to be retrieved if sonar.pullrequest.base is set. Is there something in your pipeline that could be causing this to be mistakenly set sometimes?

Out of curiosity – why?

If it’s noisy PR decoration, there is a switch in the project-level settings now to disable in-line annotations

image493×142 4.86 KB

Hi Colin

Thank you for the quick response. I’m a bit disappointed to see that the feature is marked as available in the main documentation, yet it’s not actually implemented in the scanner.

In our Bitbucket → Jenkins setup, some builds are triggered after a PR is merged, so we don’t have any actual pull request analysis in place. However, SonarQube is occasionally detecting these builds as incremental PR scans, which is unexpected.

I’m currently investigating how to disable this unintended behavior, as it’s interfering with our new code detection. This impacts our ability to enforce quality gates and fully leverage the product as intended.

Below is a sanitized snippet of the background task, with sensitive information removed. As you can see, there is no sonar.pullrequest.base configuration, and we’re not applying any PR-specific parameters manually.

The only parameters passed to the scanner during branch builds are:

/k:xxxx
/d:sonar.branch.name=xxxxx
/d:sonar.scanner.scanAll=false
/v:xxxxx
/d:sonar.analysisCache.enabled=false
/d:sonar.inclusions=**/*.cs
/d:sonar.coverage.exclusions=**/*

I have a few questions:

1. Is there a workaround to explicitly disable PR-related scanning, given that we don’t use it at all?
2. Is there any way to raise the priority or visibility of this issue: SCAN4NET-184?
3. As a paid customer, is there a dedicated escalation channel other than the community forum?

Thanks again for your support.
Regards,
Edgar

Log:

Plugins:
Bundled analyzers:
  - JaCoCo 1.3.0.1538 (jacoco)
  - IaC Code Quality and Security 1.44.0.14670 (iacenterprise)
  - IaC Code Quality and Security 1.44.0.14670 (iac)
  - Text Code Quality and Security 2.21.1.5779 (textdeveloper)
  - Clean as You Code 2.4.0.2018 (cayc)
Global server settings:
  - sonar.abap.file.suffixes=.abap,.ab4,.flow,.asprog
  - sonar.auth.saml.enabled=true
  - sonar.auth.saml.loginUrl=xxxxxx
  - sonar.auth.saml.providerId=xxxxxxx
  - sonar.auth.saml.user.email=email
  - sonar.auth.saml.user.login=login
  - sonar.auth.saml.user.name=name
  - sonar.autodetect.ai.code=false
  - sonar.azureresourcemanager.file.suffixes=.bicep
  - sonar.c.file.suffixes=.c,.h
  - sonar.core.id=xxxxx
  - sonar.core.serverBaseURL=xxxxxxxxx
  - sonar.core.startTime=2025-04-23T06:59:47+0000
  - sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp,.ixx,.mxx,.cppm,.ccm,.cxxm,.c++m
  - sonar.cs.file.suffixes=.cs,.razor
  - sonar.css.file.suffixes=.css,.less,.scss,.sass
  - sonar.dart.file.suffixes=.dart
  - sonar.dbcleaner.branchesToKeepWhenInactive=master,develop,trunk
  - sonar.docker.file.patterns=Dockerfile,*.dockerfile
  - sonar.flex.file.suffixes=as
  - sonar.forceAuthentication=true
  - sonar.go.file.suffixes=.go
  - sonar.html.file.suffixes=.html,.xhtml,.cshtml,.vbhtml,.aspx,.ascx,.rhtml,.erb,.shtm,.shtml,.cmp,.twig
  - sonar.ipynb.file.suffixes=ipynb
  - sonar.java.file.suffixes=.java,.jav
  - sonar.java.jvmframeworkconfig.file.patterns=**/src/main/resources/**/*app*.properties,**/src/main/resources/**/*app*.yaml,**/src/main/resources/**/*app*.yml
  - sonar.javascript.file.suffixes=.js,.jsx,.cjs,.mjs,.vue
  - sonar.json.file.suffixes=.json
  - sonar.jsp.file.suffixes=.jsp,.jspf,.jspx
  - sonar.kotlin.file.suffixes=.kt,.kts
  - sonar.license.notifications.remainingLocThreshold=100000
  - sonar.multi-quality-mode.enabled=false
  - sonar.objc.file.suffixes=.m
  - sonar.php.file.suffixes=php,php3,php4,php5,phtml,inc
  - sonar.plsql.file.suffixes=sql,pks,pkb
  - sonar.plugins.risk.consent=ACCEPTED
  - sonar.projectCreation.mainBranchName=master
  - sonar.python.file.suffixes=py
  - sonar.ruby.file.suffixes=.rb
  - sonar.scala.file.suffixes=.scala
  - sonar.swift.file.suffixes=.swift
  - sonar.terraform.file.suffixes=.tf
  - sonar.tsql.file.suffixes=.tsql
  - sonar.typescript.file.suffixes=.ts,.tsx,.cts,.mts
  - sonar.vbnet.file.suffixes=.vb
  - sonar.xml.file.suffixes=.xml,.xsd,.xsl,.config
  - sonar.yaml.file.suffixes=.yaml,.yml
Project server settings:
  - sonar.abap.file.suffixes=.abap,.ab4,.flow,.asprog
  - sonar.azureresourcemanager.file.suffixes=.bicep
  - sonar.c.file.suffixes=.c,.h
  - sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp,.ixx,.mxx,.cppm,.ccm,.cxxm,.c++m
  - sonar.cs.file.suffixes=.cs,.razor
  - sonar.css.file.suffixes=.css,.less,.scss,.sass
  - sonar.dart.file.suffixes=.dart
  - sonar.docker.file.patterns=Dockerfile,*.dockerfile
  - sonar.flex.file.suffixes=as
  - sonar.go.file.suffixes=.go
  - sonar.html.file.suffixes=.html,.xhtml,.cshtml,.vbhtml,.aspx,.ascx,.rhtml,.erb,.shtm,.shtml,.cmp,.twig
  - sonar.ipynb.file.suffixes=ipynb
  - sonar.java.file.suffixes=.java,.jav
  - sonar.java.jvmframeworkconfig.file.patterns=**/src/main/resources/**/*app*.properties,**/src/main/resources/**/*app*.yaml,**/src/main/resources/**/*app*.yml
  - sonar.javascript.file.suffixes=.js,.jsx,.cjs,.mjs,.vue
  - sonar.json.file.suffixes=.json
  - sonar.jsp.file.suffixes=.jsp,.jspf,.jspx
  - sonar.kotlin.file.suffixes=.kt,.kts
  - sonar.objc.file.suffixes=.m
  - sonar.php.file.suffixes=php,php3,php4,php5,phtml,inc
  - sonar.plsql.file.suffixes=sql,pks,pkb
  - sonar.python.file.suffixes=py
  - sonar.ruby.file.suffixes=.rb
  - sonar.scala.file.suffixes=.scala
  - sonar.swift.file.suffixes=.swift
  - sonar.terraform.file.suffixes=.tf
  - sonar.tsql.file.suffixes=.tsql
  - sonar.typescript.file.suffixes=.ts,.tsx,.cts,.mts
  - sonar.vbnet.file.suffixes=.vb
  - sonar.xml.file.suffixes=.xml,.xsd,.xsl,.config
  - sonar.yaml.file.suffixes=.yaml,.yml
Project scanner properties:
  - sonar.analysisCache.enabled=false
  - sonar.branch.name=master
  - sonar.coverage.exclusions=**/*
  - sonar.host.url=xxxxxxxx
  - sonar.inclusions=**/*.cs
  - sonar.modules=5C609CB5-9963-4A04-924A-798AA30D3EEF,692D59EE-5370-4A9F-B1DC-66E8C6D628F3,A9472A57-FD34-4DDD-A242-A624ECFF6044,188B244F-E1BB-4E2E-9685-F35794A6AA97,17A86A86-E703-4A8D-ADCA-EC11927D95AD,CDF264D6-AC05-4888-8201-CED4ECF35F50,5C3D8A0E-B384-421D-B205-AE23007E9A8C,C99DE813-173F-40B9-9825-3CCB20898A95,E885215B-BDF1-4CDB-A89A-04FA473E6074,983BC327-77B2-48B3-B28F-0A9DE64EF9CB,BF863A9E-0443-46BD-BF6B-D914CA9017FA,52AF6978-D311-49CB-91AD-5F576F0C9C3C,01072E71-E4B6-4E77-B82A-354FDFC4602C,9085D29F-3902-4E88-995C-FE10B7A994CA,023B0098-29E7-472C-9077-3E47485B33FE,4E640C0E-E823-4FB7-92A6-C6A544C44FEF,2AE738D7-1273-4BC2-8F58-9C2043109E8A,4F178B61-AAAB-4FA1-8881-5810CD9AE1D3,929D4455-5115-4287-935A-691480264240,15D14237-BC6F-4131-ABD9-E4AA306BB22B,DC9012EC-4960-4F6C-8435-960CF7624BFA,98D886B3-778A-4D76-964A-0601A5F1B3DE,E4F81CCE-F5B0-454D-A20C-FE30A5B4E4A0,9CCBD309-348A-4A97-8F53-D9A904A01CF3,9A7B90A4-4881-4DB7-B7F0-4213F39ACA92,DF9F1C9B-33A5-4300-8C92-9F521125DFBB,62CDC63B-9AFF-4FA4-8E04-02B9ABBA195...
  - sonar.projectBaseDir=/xxxxxxxxxxxx
  - sonar.projectKey=xxxxxxx
  - sonar.projectVersion=xxxxxxxx
  - sonar.pullrequest.cache.basepath=/xxxxxxxxxxxx
  - sonar.scanAllFiles=true
  - sonar.scanner.app=ScannerMSBuild
  - sonar.scanner.appVersion=9.0.2
  - sonar.scanner.scanAll=false
  - sonar.sourceEncoding=US-ASCII
  - sonar.sources="/xxxxxxxxxxxx/Tests/testsettings.shared.json"
  - sonar.token=******
  - sonar.visualstudio.enable=false
  - sonar.working.directory=/xxxxxxxxxxxx/.sonarqube/out/.sonar

Hey @edgarkz

I should have checked the next branch of code I was looking at!

I think that the problem lies with BITBUCKET_TARGET_BRANCH environment variable being set in your environment, which triggers automatic base-branch detection (and the assumption you’re running in a PR context).

You could do everything you can to make sure that variable is not set (it’s weird that it is if you aren’t in a PR context. Something left over from another run?)

I’ll link this thread to that ticket, which helps us track traction over time. I agree that the docs should reflect that sonar.analysisCache.enabled doesn’t work for the SonarScanner for .NET. I’ve already pinged our docs folks.

If you subscribe to Commercial Support – yes. If not, you have our Community. I checked your e-mail domain against our CRM, you fall into the latter.

Thank you for pointing out the relevant code related lines

        Tuple.Create("Jenkins", "gitlabTargetBranch"),
        Tuple.Create("Jenkins", "BITBUCKET_TARGET_BRANCH"),
        Tuple.Create("GitHub Actions", "GITHUB_BASE_REF"),
        Tuple.Create("GitLab", "CI_MERGE_REQUEST_TARGET_BRANCH_NAME"),
        Tuple.Create("BitBucket Pipelines", "BITBUCKET_PR_DESTINATION_BRANCH"),

now we have at least some direction for further investigation

My apologies that this wasn’t documented properly, I’ve added a note on that page so that future users won’t run into the same issue.