Currently, renamed folders light up as new code, which breaks the quality gate on new code approach.
This has been asked in the past and the answer was “we’ll see”. Are there any news? Should we get a Jira issue to track the status of this if there is any serious intention to implement it?
It’s currently a bit annoying to manually add exceptions and it discourages people from refactoring.
I’m using SonqrQube Enterprise Edition - Version 9.9.1 (build 69595)
Hey there.
As noted in the template post, what version of SonarQube are you using?
Enterprise Edition - Version 9.9.1 (build 69595)
But, as far as I’m aware, this feature is not available in any version. Or is it?
File Move Detection is supported, and has been since SonarQube v6.0 (SONAR-3321). In SonarQube v9.8, we also extended that support to Pull Requests (SONAR-13579).
Are these Quality Gate failures happening in the context of a branch analysis (like your main branch) or a Pull Request Analysis? Are your projects using Git?
This doesn’t seem to work in my case, unless I’m misunderstanding something.
Is it OK to link to screenshots? I think that’s the best way to illustrate it.
I’ve merged a feature branch into develop branch where two folders were renamed. The scan on develop, where master is configured as a reference branch, picks up a ton of changes within the affected files (about half the total number of lines in the file): image link to sonarqube scan
However, when I compare develop to master in git it does recognize the folder rename and says that the files haven’t changed: image link to bitbucket diff
In the above screenshots the red highlight is used to obscure the client name and it’s not relevant, but the green and blue highlight always hide the same 2 strings which are the two new names of the folders that were renamed.
Is there any other info I can provide to help identify the cause of the issue?
There’s a little warning in the upper right of this screenshot.
Can you check what it is? I wonder if it’s SCM related.
Thanks a ton for looking into it! Here is the text of the warning:
There are problems with file encoding in the source code. Please check the scanner logs for more details.
Then, when I look at the scanner logs below is what I find.
Isn’t this getting into raising a support ticket territory? There I can also attach the diagnostics output file.
ge.jacoco.xmlReportPaths’ is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
15:38:26 INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
15:38:26 INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1ms
15:38:26 INFO: Sensor CSS Rules [javascript]
15:38:30 INFO: 298 source files to be analyzed
15:38:31 INFO: 298/298 source files have been analyzed
15:38:31 INFO: Hit the cache for 0 out of 0
15:38:31 INFO: Miss the cache for 0 out of 0
15:38:31 INFO: Sensor CSS Rules [javascript] (done) | time=4748ms
15:38:31 INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
15:38:31 INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
15:38:31 INFO: Sensor PHP sensor [php]
15:38:31 INFO: Starting PHP symbol indexer
15:38:31 INFO: 297 source files to be analyzed
15:38:39 INFO: 297/297 source files have been analyzed
15:38:39 INFO: Cached information of global symbols will be used for 0 out of 297 files. Global symbols were recomputed for the remaining files.
15:38:39 INFO: Starting PHP rules
15:38:39 INFO: 297 source files to be analyzed
15:38:49 INFO: 115/297 files analyzed, current file: sales/admin.php
15:38:59 INFO: 245/297 files analyzed, current file: sales/availability/graphAvailabilityOverviewLastXMonths - backup.php
15:39:02 WARN: Failed to resolve 48 include/require statements like ‘…/jpgraph/src/jpgraph.php’ from ‘xxxxxxxxxxxxxx’, ‘…/jpgraph/src/jpgraph_bar.php’ from ‘xxxxxxxxxxxxxx’, ‘…/jpgraph/src/jpgraph_table.php’ from ‘xxxxxxxxxxxxxx’, ‘…/oracle.config’ from ‘SA717_OFF’, ‘SAMFB_graph.php’ from ‘TDF_OFF’, ‘graphTVMSalesCustomDay.php’ from ‘sales’, ‘mssql.php’ from ‘actions’, ‘mysql.php’ from ‘eLisa’
15:39:02 INFO: 297/297 source files have been analyzed
15:39:02 INFO: The PHP analyzer was able to leverage cached data from previous analyses for 0 out of 297 files. These files were not parsed.
15:39:02 INFO: No PHPUnit tests reports provided (see ‘sonar.php.tests.reportPath’ property)
15:39:02 INFO: No PHPUnit coverage reports provided (see ‘sonar.php.coverage.reportPaths’ property)
15:39:02 INFO: Sensor PHP sensor [php] (done) | time=31011ms
15:39:02 INFO: Sensor Analyzer for “php.ini” files [php]
15:39:02 INFO: Sensor Analyzer for “php.ini” files [php] (done) | time=3ms
15:39:02 INFO: Sensor IaC Docker Sensor [iac]
15:39:02 INFO: 0 source files to be analyzed
15:39:02 INFO: 0/0 source files have been analyzed
15:39:02 INFO: Sensor IaC Docker Sensor [iac] (done) | time=50ms
15:39:02 INFO: Sensor Serverless configuration file sensor [security]
15:39:02 INFO: 0 Serverless function entries were found in the project
15:39:02 INFO: 0 Serverless function handlers were kept as entrypoints
15:39:02 INFO: Sensor Serverless configuration file sensor [security] (done) | time=4ms
15:39:02 INFO: Sensor AWS SAM template file sensor [security]
15:39:02 INFO: Sensor AWS SAM template file sensor [security] (done) | time=0ms
15:39:02 INFO: Sensor AWS SAM Inline template file sensor [security]
15:39:02 INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=1ms
15:39:02 INFO: Sensor javabugs [dbd]
15:39:02 INFO: Reading IR files from: /usr/src/.scannerwork/ir/java
15:39:02 INFO: No IR files have been included for analysis.
15:39:02 INFO: Sensor javabugs [dbd] (done) | time=0ms
15:39:02 INFO: Sensor pythonbugs [dbd]
15:39:02 INFO: Reading IR files from: /usr/src/.scannerwork/ir/python
15:39:02 INFO: No IR files have been included for analysis.
15:39:02 INFO: Sensor pythonbugs [dbd] (done) | time=2ms
15:39:02 INFO: Sensor JavaSecuritySensor [security]
15:39:02 INFO: Reading type hierarchy from: /usr/src/.scannerwork/ucfg2/java
15:39:02 INFO: Read 0 type definitions
15:39:02 INFO: No UCFGs have been included for analysis.
15:39:02 INFO: Sensor JavaSecuritySensor [security] (done) | time=3ms
15:39:02 INFO: Sensor CSharpSecuritySensor [security]
15:39:02 INFO: Reading type hierarchy from: /usr/src/ucfg_cs2
15:39:02 INFO: Read 0 type definitions
15:39:02 INFO: No UCFGs have been included for analysis.
15:39:02 INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
15:39:02 INFO: Sensor PhpSecuritySensor [security]
15:39:02 INFO: Reading type hierarchy from: /usr/src/.scannerwork/ucfg2/php
15:39:02 INFO: Read 237 type definitions
15:39:02 INFO: Reading UCFGs from: /usr/src/.scannerwork/ucfg2/php
15:39:03 INFO: 13:39:03.249217017 Running Tarjan on 15160 nodes
15:39:03 INFO: 13:39:03.26826175 Tarjan found 15141 components
15:39:03 INFO: 13:39:03.295318005 Variable type analysis: done
15:39:03 INFO: 13:39:03.297726789 Building Runtime Type propagation graph
15:39:03 INFO: 13:39:03.410208388 Running Tarjan on 17430 nodes
15:39:03 INFO: 13:39:03.42802825 Tarjan found 17396 components
15:39:03 INFO: 13:39:03.463989176 Variable type analysis: done
15:39:03 INFO: 13:39:03.464635384 Building Runtime Type propagation graph
15:39:03 INFO: 13:39:03.539100412 Running Tarjan on 17423 nodes
15:39:03 INFO: 13:39:03.554686998 Tarjan found 17391 components
15:39:03 INFO: 13:39:03.583376827 Variable type analysis: done
15:39:03 INFO: Analyzing 1049 ucfgs to detect vulnerabilities.
15:39:04 INFO: All rules entrypoints : 209
15:39:04 INFO: Retained UCFGs : 360
15:39:05 INFO: Taint analysis starting. Entrypoints: 209
15:39:05 INFO: Running symbolic analysis for ‘PHP’
15:39:07 INFO: Taint analysis: done.
15:39:07 INFO: Sensor PhpSecuritySensor [security] (done) | time=4549ms
15:39:07 INFO: Sensor PythonSecuritySensor [security]
15:39:07 INFO: Reading type hierarchy from: /usr/src/.scannerwork/ucfg2/python
15:39:07 INFO: Read 0 type definitions
15:39:07 INFO: No UCFGs have been included for analysis.
15:39:07 INFO: Sensor PythonSecuritySensor [security] (done) | time=0ms
15:39:07 INFO: Sensor JsSecuritySensor [security]
15:39:07 INFO: Reading type hierarchy from: /usr/src/.scannerwork/ucfg2/js
15:39:07 INFO: Read 0 type definitions
15:39:07 INFO: No UCFGs have been included for analysis.
15:39:07 INFO: Sensor JsSecuritySensor [security] (done) | time=0ms
15:39:07 INFO: ------------- Run sensors on project
15:39:07 INFO: Sensor Analysis Warnings import [csharp]
15:39:07 INFO: Sensor Analysis Warnings import [csharp] (done) | time=1ms
15:39:07 INFO: Sensor Zero Coverage Sensor
15:39:07 INFO: Sensor Zero Coverage Sensor (done) | time=49ms
15:39:07 INFO: SCM Publisher SCM provider for this project is: git
15:39:07 INFO: SCM Publisher 2 source files to be analyzed
15:39:07 INFO: SCM Publisher 2/2 source files have been analyzed (done) | time=153ms
15:39:07 INFO: CPD Executor 21 files had no CPD blocks
15:39:07 INFO: CPD Executor Calculating CPD for 257 files
15:39:08 INFO: CPD Executor CPD calculation finished (done) | time=311ms
15:39:08 INFO: Load New Code definition
15:39:08 INFO: Load New Code definition (done) | time=100ms
15:39:08 INFO: SCM writing changed lines
15:39:08 INFO: Merge base sha1: 7402b4f3b75dc3a23ad76a68a41d15b5c3b8d087
15:39:08 INFO: SCM writing changed lines (done) | time=560ms
15:39:08 INFO: Analysis report generated in 751ms, dir size=13.1 MB
15:39:09 INFO: Analysis report compressed in 1068ms, zip size=6.6 MB
15:39:09 INFO: Analysis report uploaded in 186ms
15:39:09 INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarqube.-----------------------/dashboard?id=------------------_Sales_Dashboard&branch=develop
15:39:09 INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
15:39:09 INFO: More about the report processing at https://sonarqube.-----------------------/api/ce/task?id=AZAwuQLjOUataTRSmKIX
15:39:10 INFO: Analysis total time: 50.698 s
15:39:10 INFO: ------------------------------------------------------------------------
15:39:10 INFO: EXECUTION SUCCESS
15:39:10 INFO: ------------------------------------------------------------------------
15:39:10 INFO: Total time: 55.910s
15:39:10 INFO: Final Memory: 112M/456M
15:39:10 INFO: ------------------------------------------------------------------------
If you have access to Commercial Support, it would be great if you filed a ticket there. That’s not the case for all our users (even EE users), which is usually when they post here.
I don’t see anything about encoding issues in the logs shared, but they might come before the section you shared. Off the top of my head, encoding issues shouldn’t cause an issue with detecting file moves, but maybe it does cause an issue comparing file contents.
