Issues keys between branches

Declan11 · October 24, 2024, 2:47pm

I am using SonarQube 10.6 and I have found that if I scan a project that the issues found have a different key between the branches.
The same problem in the same file will have a different issue key for each branch.
Is this to be expected?

ganncamp · October 25, 2024, 3:13pm

Hi,

What do you mean by “issue key”? It’s normal, and expected that they would have different IDs, BTW.

Ann

Declan11 · October 25, 2024, 3:22pm

This is what I have found in the documentation concerning scan issues and their unique keys

In SonarQube, issue keys (also referred to as issue identifiers) are used to uniquely identify code issues detected during analysis. These issue keys are usually unique within a given project, and they should remain consistent across different branches of that project as long as the same piece of code generates the issue.

Here’s how issue keys behave between branches:

Same Code, Same Issue Key: If the same code that causes an issue exists in multiple branches, the issue key will generally remain the same across those branches. SonarQube tries to maintain consistency across branches when the issue is detected in the same location (file and line of code).

The problem is that what I am seeing is that the an issue found in the main branch has a different key from the same issue found in the feature branch. Even though it is the same code and same file just scanned in a seperate branch

ganncamp · October 25, 2024, 3:25pm

Hi,

It’s still not clear to me what key you mean.

Can you point me to the documentation you’re relying on? And can you provide a screenshot of one of these keys?

Thx,
Ann

Declan11 · October 27, 2024, 9:19pm

{“total”:3,“p”:1,“ps”:100,“paging”:{“pageIndex”:1,“pageSize”:100,“total”:3},“effortTotal”:15,“issues”:[{“key”:“ffb075c0-14fc-408b-96c2-116ded640141”,“rule”:“Web:S6853”,“severity”:“MINOR”,“component”:“relengsonar3:Login.cshtml”,“project”:“relengsonar3”,“line”:19,“hash”:“b1510279a236498a6358fd907293d5b0”,“textRange”:{“startLine”:19,“endLine”:19,“startOffset”:32,“endOffset”:59},“flows”:,“resolution”:“WONTFIX”,“status”:“RESOLVED”,“message”:“A form label must be associated with a control.",“effort”:“5min”,“debt”:“5min”,“author”:"dmcgee@nanthealth.com”,“tags”:[“accessibility”],“creationDate”:“2024-10-24T14:12:55+0000”,“updateDate”:“2024-10-24T14:16:19+0000”,“type”:“CODE_SMELL”,“scope”:“MAIN”,“quickFixAvailable”:false,“messageFormattings”:,“codeVariants”:,“cleanCodeAttribute”:“LOGICAL”,“cleanCodeAttributeCategory”:“INTENTIONAL”,“impacts”:[{“softwareQuality”:“RELIABILITY”,“severity”:“MEDIUM”}],“issueStatus”:“ACCEPTED”,“prioritizedRule”:false},

The key here is “key”:"**ffb075c0-14fc-408b-96c2-116ded640141

returned using the api call
/api/issues/search?componentKeys

ganncamp · October 28, 2024, 12:49pm

Hi,

The JSON isn’t really helpful.

Emphasis added:

Ann

Declan11 · October 28, 2024, 2:51pm

I am using the sonarqube api to return a list of all the issues in the project

http://localhost:9000/api/issues/search?componentKeys=testproject

This is returned as the json I showed earlier

This is the documentation for the api I am using
https://next.sonarqube.com/sonarqube/web_api/api/issues/search

and this is the key that I am referring too in those results
“issues”: [
{
“key”: “01fc972e-2a3c-433e-bcae-0bd7f88f5123”,
“component”: “com.github.kevinsawicki:http-request:com.github.kevinsawicki.http.HttpRequest”,
“project”: “com.github.kevinsawicki:http-request”,
“rule”: “java:S1144”,
“cleanCodeAttribute”: “CLEAR”,
“cleanCodeAttributeCategory”: “INTENTIONAL”,
“issueStatus”: “ACCEPTED”,
“prioritizedRule”: false,
“impacts”: [

ganncamp · October 28, 2024, 3:46pm

Hi,

Okay, going back to this:

And understanding that this is what you mean by key

That looks to me like a uuid, and it’s perfectly normal that what looks like the same issue would have a distinct key/uuid for each branch in which it’s found. Because they are in different branches, they are actually - under the covers - different issues, which can have different things happen to them.

For instance, let’s say the same rule raises an issue on the same line with the same message in main, branchA and branchB. In:

main - comment: This will be fixed in branchA
branchA - nothing
branchB - mark Accepted

If these all had the same key/uuid, they would all be the same database record and the comment made on main would show up in all 3 places. Similarly, marking the issue Accepted on branchB means it would show up that way everywhere.

HTH,
Ann

Declan11 · October 28, 2024, 4:02pm

I am trying to find a way to reduce the duplication of work.
For example if I find an issue in a feature branch that I mark as accepted wontfix. is there a way to have the same issue in the main branch marked as wontfix automatically?

ganncamp · October 28, 2024, 4:06pm

Hi,

There is not.

HTH,
Ann