I am using Azure DevOps as my ALM and CI system. One of my developers made a change to a JavaScript file to address a Security Hotspot issue that Sonar had identified. This change was merged into our master branch 2 days ago, however SonarCloud is still showing the old version of the file. The build for this particular project runs on a nightly schedule and builds whatever is in master and then publishes to Sonar. I have included my YAML below. Any help would be greatly appreciated!
The master branch is being targeted and the Analyze step says that Execution was successful. I enabled verbose logging and the file I am interested in is being picked up in the Analyze step. I see these entries for the file:
17:10:00.216 DEBUG: Average line length for vueApp/public/mockServiceWorker.js is 25
17:10:00.216 DEBUG: 'vueApp\public\mockServiceWorker.js' indexed with language 'js'
'vueApp/public/mockServiceWorker.js' generated metadata with charset 'windows-1252'
17:13:37.417 DEBUG: Detection of duplications for D:/a/1/s/vueApp/public/mockServiceWorker.js
Sorry for the late response – are you still facing an issue where an old version of the file appears? On a new analysis submission, SonarCloud has no awareness of the previous version of the file and only the checked-out version being analyzed will be submitted to SonarCloud (which overwrites the entire codebase as SonarCloud knows it).
If you’re still facing the issue, I’d suggest creating a “dummy” branch and running analysis, and see what version of the file appears.
Thank you for following up. I did confirm that Sonar is working exactly as expected. After pressing the engineer for more information it came to light that they have a script that runs as part of their build that overwrites this particular file with a certain version. So, regardless of what is in Source Control, it will always get replaced with that specific version.