We are using “sonarqube 8.9 datacenter”.
Our custom plugin creates an issue for ‘requirements.txt’, which is an unknown-language file.
We can see the issue in the SonarQube server if we run branch analysis,
but we can’t see it if we run PR analysis.
(The file ‘requirements.txt’ is pushed to the SonarQube server, but the issue isn’t.)
We know PR analysis only shows incremental issues; we can confirm the file doesn’t exist in the base branch.
Does this sound like a SonarQube bug in PR analysis? We ask because we verified that the 7.9 edition is OK.
```
[2021-08-23T09:53:52.926Z] 09:53:52.850 INFO: Using report: /home/jenkins/agent/workspace/update-service_PR-78/snyk-results.json
[2021-08-23T09:53:53.237Z] 09:53:52.891 DEBUG: 'requirements.txt' generated metadata with charset 'UTF-8'
```
```java
// The issue is shown at the top of the file because we don't set a line number.
NewIssue newIssue = context.newIssue().forRule(activeRule.ruleKey());
newIssue.overrideSeverity(convertSeverity(severity));
NewIssueLocation location = newIssue.newLocation();
location.message(String.format("%s@%s %s | ID: %s", name, version, title, id));
String vulnerabilityFileName = context.project().toString();
if (inputFile == null) {
    // No matching file in the analysis: attach the issue to the project.
    location.on(context.project());
} else {
    // File-level issue: attached to the file, with no text range.
    location.on(inputFile);
}
newIssue.at(location);
newIssue.save();
```
If by Generic Issue format you mean Generic Issue Import Format | SonarQube Docs:
No, we registered a new rule in the custom plugin; I have pasted the code above.
And we just did another test: we tried binding the issue to a .py file, which is Python language, and the issue isn’t seen during PR analysis either.
So the unknown-language file isn’t the root cause.
I’ve just taken a closer look at your code, and I suspect this is the problem:
Only issues on new lines are reported in PRs. I know you’ve said the whole file is new, but I wonder if this isn’t being hung up on a technicality. Can you try setting the line number to 1 & see if that works? If it does, then we’ve narrowed down what needs attention on the SQ side.
Ann
P.S. As a DCE customer, you have access to our professional Services team. They actually have SLAs & a responsibility to help you. No one in the community does.
I am not the interface between our IT and your Services Team, so I feel feedback would be quick if I post the issue here.
I deduced the working logic of the current PR analysis: when the line number of the issue is equal to the line number of new code, the issue can be shown; but for branch analysis, if the file is changed, the issue can be shown in “New Code”, otherwise the issue would be shown in “Overall Code”.
We think this is a bug in PR analysis: “project level” and “file level” issues can’t be shown in PR analysis, so the quality gate becomes invalid.
I will ask our IT to create a ticket with your Services Team.
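The experiment Ann suggests above, as an added example that is not the poster's plugin code: give the issue a text range so it carries a line number that PR analysis can compare against new lines. It goes one step beyond "line 1" by looking for the line that declares the affected package; `LineAnchoredIssue`, `findLine` and `report` are hypothetical names, and the thread does not confirm that this makes the issue appear in PRs.

```java
import java.io.IOException;
import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.issue.NewIssue;
import org.sonar.api.batch.sensor.issue.NewIssueLocation;
import org.sonar.api.rule.RuleKey;

/** Hypothetical helper (assumption, not from the plugin discussed in this thread). */
public final class LineAnchoredIssue {

  private LineAnchoredIssue() {}

  /** 1-based line that declares packageName in requirements.txt-style text, or 1 if none matches. */
  static int findLine(String contents, String packageName) {
    String[] lines = contents.split("\r?\n", -1);
    String wanted = packageName.toLowerCase();
    for (int i = 0; i < lines.length; i++) {
      String line = lines[i].trim().toLowerCase();
      if (!line.startsWith(wanted)) {
        continue;
      }
      // Require a specifier/extras/comment character (or end of line) after the
      // name, so that "requests" does not match "requests-toolbelt".
      String rest = line.substring(wanted.length());
      if (rest.isEmpty() || "=<>!~[; #".indexOf(rest.charAt(0)) >= 0) {
        return i + 1;
      }
    }
    return 1; // fallback: the "line 1" experiment from the thread
  }

  static void report(SensorContext context, RuleKey ruleKey, InputFile inputFile,
                     String packageName, String message) throws IOException {
    NewIssue newIssue = context.newIssue().forRule(ruleKey);
    NewIssueLocation location = newIssue.newLocation().message(message);
    if (inputFile == null) {
      // Project-level issue: there is no line to attach it to.
      location.on(context.project());
    } else {
      // Clamp to the file's line count so selectLine() gets a valid line.
      int line = Math.min(findLine(inputFile.contents(), packageName), inputFile.lines());
      location.on(inputFile).at(inputFile.selectLine(line));
    }
    newIssue.at(location).save();
  }
}
```

Issues that fall back to `context.project()` still have no line, so under the behaviour deduced in this thread they would remain outside PR analysis.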