We’ve got SonarQube Developer Edition version 8.2.0.32929
We use the pull request analysis with the yaml file for Gitlab CI and most of the time there are code smells in the analysis that are not relevant to the pull request
ex. In this pull request there was only 1 line of code changed
I’ve checked them and they are from different files that were not touched within this pull request
I think the problem is with determining what is part of the pull request and what is not.
It’s not about the issues, but in the analysis itself, there are lines of code identified as part of the pull request even though they were not changed in it.
This is the code identified as part of this particular pull request
Hi,
You’re right, those problems usually come from a problem determining what was changed in the pull request compared to its target branch.
The detection of the changes happens in the scanner, using the clone that is available when the scanner is executed in GitLab CI.
Please check your logs with debug enabled. It should show if there was any issues determining the changes. You can also post the logs here and we’ll have a look.
Common causes are shallow clones or broken references to branches in the clone.
right after loading metrics repository and before running sensors, there is this warning that flares up.
WARNING: WARNING: An illegal reflective access operation has occurred
WARNING: WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/C:/Users/srv_glrunner/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: WARNING: All illegal access operations will be denied in a future release
That’s the only issue I see, nothing else in the logs…
Could you please post the logs?
If debug is enabled it should show what is the sha1 of the merge base between the branch and it’s target.
Please verify that clone/checkout process is ensuring that all history of all git branches are up to date and available to the scanner.
Posting full logs (they are 10 MB, so I had to zip it) logs.zip (756.0 KB)
Debug is enabled, however I’ve gone through the entire logs, also tried to search for keywords like “merge base” or “sha1”, but I did not find anything…
I had verified that shallow cloning is disabled, in gitlab tried to change between git clone and git fetch, but the result is still the same.
16:29:16.501 DEBUG: SCM Step is disabled by configuration
16:29:16.533 INFO: Pull request 4702 for merge into master from hotfix123
16:29:16.550 DEBUG: SCM information about changed files in the branch is not available
Looks like you’re defining somewhere sonar.scm.disabled=true.