Issue status flickering because of missing colon in Project Key?

Hi,

after the thread Issue keeps on switching between statuses without any relevant changes was closed, we checked if the cause provided at the corresponding ticket [SONAR-20695] applies to us.
The key suggestions were:

[…] in many cases the issue is scanning the same project many times in a different environment or with different parameters
[…] [do] not re-use project key for two very different analyses

Both do not apply to us, but while taking a closer look at our usage of project keys we came up with a new theory what might be the cause of the status flickering in our case.

We are using a monorepo with several maven projects, the analyses are triggered from a batch file:

call mvnw.cmd -B "-Dsonar.projectKey=my.great:project1" "-Dsonar.projectName=Great Project 1" -Dsonar.branch.name=%branch% -Dsonar.java.source=17 "-Dsonar.java.jdkHome=%SONAR_JAVA_17_JDKHOME%" -f my-great-project1\pom.xml -nsu org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar
call mvnw.cmd -B "-Dsonar.projectKey=my-great-project2" "-Dsonar.projectName=Great Project 2" -Dsonar.branch.name=%branch% -Dsonar.java.source=17 "-Dsonar.java.jdkHome=%SONAR_JAVA_17_JDKHOME%" -f my\great-project2\pom.xml -nsu org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar
call mvnw.cmd -B -Dsonar.branch.name=%branch% -Dsonar.java.source=17 "-Dsonar.java.jdkHome=%SONAR_JAVA_17_JDKHOME%" -f my\great\project3 -nsu org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar

There are 3 different ways of providing a project key used here:

  • Explicitly given project key with a colon “my.great:project1”
  • Explicitly given project key without a colon “my-great-project2”
  • no project key provided, the default “groupId:artifactId” is used.

As all these projects are multi-module projects, Sonar creates keys for each of their modules. In the scanner context project keys likes this can be found:

sonar.projectKey=my.great:project1
sonar.projectKey=my.great:project1:my.great:subproject1a
sonar.projectKey=my.great:project1:my.great:subproject1b

sonar.projectKey=my-great-project2
sonar.projectKey=my-great-project2:my.great:subproject2a
sonar.projectKey=my-great-project2:my.great:subproject2b

sonar.projectKey=my.great:project3
sonar.projectKey=my.great:project3:my.great:subproject3a
sonar.projectKey=my.great:project3:my.great:subproject3b

“my-great-project2” contains the issue affected by the flickering and is the only one where the parent’s project key does not contain a colon. This should not be a problem, as it still fulfills the criteria mentioned in the documentation and in the information provided at the GUI when updating the project key:

But there is a hint (which I couldn’t find anywhere else) in a tooltip at the project information:
Screenshot 2024-04-04 115908

The project key of the affected project does not match this format, the colon is missing!
Maybe internally the key of the (sub-)projects is splitted at the position of the nth colon or something like that, which then leads to an incorrect and maybe even duplicate project key in the process.

If this is the cause of the flickering, we could fix it by changing the project key. But as this change affects several branches and developers, it would be great if someone could confirm our assumption.

We are using SonarQube 10.4.1 on-Premise in case it’s relevant.

Thanks!

Regards,
Carsten