SonarQube cannot analyze only changes at the moment. We have many “advanced” rules that can raise new issues on code that has not been touched. For example, if you change a method's behavior to return null in some cases while previously it was always non-null, all places calling this method should be checked again for possible NPE.
In the past we made multiple attempts at implementing “incremental”/“partial” analysis, but the risk of missing important issues was too high. Also, caching some intermediate analysis state was tried, but as is often the case with caching, it is not a silver bullet. Performance is sometimes worse than doing a clean analysis from scratch.
What I would recommend to you is to report your issue factually, and let us investigate what the options are, before jumping to the conclusion that SonarQube should do diff analysis:
- what do you call “taking a lot of time for scanning”? Please give numbers.
- what is the size of your project? Number of files, number of ncloc?
- do you have only SonarSource rules, or do you also have custom rules, or third party plugins like PMD/checkstyle/findbugs?
- what is the part of the SonarQube analysis compared to the rest of your build/release pipeline (unit tests, integration tests)?