ALM used: Azure DevOps
CI system used: Azure DevOps
Scanner command used when applicable (private details masked)
Languages of the repository: C#
We constantly notice inconsistent SonarCloud reports:
Our current process is: feature branch (FB) → (merges into) long-lived feature branch (LLB) → main branch (MB).
Each merge (PR) is gated with a SonarCloud analysis and quality gate (the same CI pipeline runs for all PRs).
During a pull request from FB to LLB, if bugs/smells are found, they are resolved.
LLB ends up containing multiple features, but it SHOULD NOT have any new bugs/code smells, because all of them should be caught by the FB PR gate.
What we see is that when we create a PR from LLB to the main branch (MB), we end up with the gate failing because new bugs/smells are detected.
We can trace back to the specific Sonar scan where the change (and therefore the bug) was added to the solution, but it was not detected by the gate.
Steps to reproduce
Don’t know how to reproduce; new bugs/smells vary in type, but we constantly see the behavior described above.
How can this be resolved? The solution can only have one quality profile, so the same rules should be applied to all scans.