Intermittent issue flagged by SonarCloud

alexvaccaro · February 24, 2021, 12:19pm

Hi,

I am using SonarCloud with Azure DevOps, I have recently added another project to my organisation and for this project I am getting an intermittent issue, i.e. the issue is flagged in one scan but then “disappears” in a subsequent scan for then re-appear on a later scan again.

The rule being flagged is S5131, so far I can see this happening only in one area of code, and I have not seen any intermittent issues in any other projects I scan with SonarCloud so far (40+ projects), and they all share the same project settings.

Does anyone have any suggestions on how to tackle or debug this issue?

Pierre-Loup_Tristant · February 25, 2021, 1:58pm

Hi @alexvaccaro,

Is the project you are analyzing on SonarCloud public?
Is S5131 raising/not raising on C# code?

Thank you.

alexvaccaro · February 25, 2021, 2:29pm

Hi @Pierre-Loup_Tristant , no, the code is private and yes, it’s scanning C# code.

Gyula_Sallai · April 13, 2021, 12:52pm

Hello,

After some private discussions with @alexvaccaro, we were able to identify a case of nondeterminism in our security analysis and implement a fix for it. The fix is now deployed onto SonarCloud and will be part of the next release of SonarQube.