I am running * Version 8.6
The problem I have is the quality gate on a branch. For the branch, it is showing on the “Overview” page that “Security Hotspots Reviewed on New Code is Less than 100%” if I click on this, it shows me 9 files.
However, if I click on the “Measures” page and I filter by “Size > New Lines” I see something different. None of the 9 files which are causing the quality gate failure actually show up in “Size > New Lines”.
Any thoughts? I’m not sure what’s going on here.
Any thoughts on this?
As an alternative question, is there a way to find out why SonarQube thinks a file has new code?
Hi,
Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:
8.6 → 8.9.3 → 9.2.1 (last step optional)
You may find the Upgrade Guide helpful.
Regarding your question you should see the lines considered new highlighted in yellow in the interface. Is it possible your Security Hotspots are on new Lines that aren’t Lines of Code?
Ann
Is it possible your Security Hotspots are on new Lines that aren’t Lines of Code?
No, it’s not possible. The files identified as needed Security Hotspot review did not change at all.
After more research, I found this is actually related to this other question I posted Is it possible for SonarQube to miss things during a scan? - Get help / SonarQube - SonarSource Community. What seems like what’s happening is that during the 1st scan, SonarQube doesn’t identify all of the issues because after the 2nd scan the files - which have not changed - have more issues found on them and this is triggering a quality gate failure without the files showing up under measures as “new code”.