JavaScript change not showing up in SonarCloud?

I am using Azure DevOps as my ALM and CI system. One of my developers made a change to a JavaScript file to address a Security Hotspot issue that Sonar had identified. This change was merged into our master branch 2 days ago, however SonarCloud is still showing the old version of the file. The build for this particular project runs on a nightly schedule and builds whatever is in master and then publishes to Sonar. I have included my YAML below. Any help would be greatly appreciated!

  - none
  vmImage: windows-latest
  - task: NodeTool@0
    displayName: Use Node 14.x
      versionSpec: 14.x
  - task: Npm@1
    displayName: npm install angular
      command: ci
      verbose: false
      timeoutInMinutes: 10
  - task: Npm@1
    displayName: npm install vue
      command: ci
      workingDir: vueApp
      timeoutInMinutes: 10
  - task: SonarCloudPrepare@1
      SonarCloud: Sonar Cloud 
      organization: [org]
      scannerMode: CLI
      configMode: manual
      cliProjectKey: [key]
      cliProjectName: [project]
      cliSources: .
  - task: Npm@1
    displayName: build vue app (dev)
      command: custom
      customCommand: run build-dev
      timeoutInMinutes: 10
  - task: SonarCloudAnalyze@1
  - task: SonarCloudPublish@1
      pollingTimeoutSec: '300'

Hey there.

Do the scanner logs (of the SonarCloudAnalyze step) show that the analysis was successful, and targeted the master branch?


The master branch is being targeted and the Analyze step says that Execution was successful. I enabled verbose logging and the file I am interested in is being picked up in the Analyze step. I see these entries for the file:

17:10:00.216 DEBUG: Average line length for vueApp/public/mockServiceWorker.js is 25
17:10:00.216 DEBUG: 'vueApp\public\mockServiceWorker.js' indexed with language 'js'

'vueApp/public/mockServiceWorker.js' generated metadata with charset 'windows-1252'

17:13:37.417 DEBUG: Detection of duplications for D:/a/1/s/vueApp/public/mockServiceWorker.js

Hey @Doug_Parsons

Sorry for the late response – are you still facing an issue where an old version of the file appears? On a new analysis submission, SonarCloud has no awareness of the previous version of the file and only the checked-out version being analyzed will be submitted to SonarCloud (which overwrites the entire codebase as SonarCloud knows it).

If you’re still facing the issue, I’d suggest creating a “dummy” branch and running analysis, and see what version of the file appears.

Hey, @Colin

Thank you for following up. I did confirm that Sonar is working exactly as expected. After pressing the engineer for more information it came to light that they have a script that runs as part of their build that overwrites this particular file with a certain version. So, regardless of what is in Source Control, it will always get replaced with that specific version.

Thank you for support on this!

1 Like