Legacy issues occasionally flagged as new code

Hi all,
We’re using SonarQube 9.4, scanning C#, javascript and .css files. We have sonar.scm.disabled. We use a specific master scan as a reference scan to identify new code on branch scans.

I’m trying to manage a project with a large legacy codebase, which has many SonarQube issues flagged, which we’re addressing over time via a prioritised backlog while new functionality is developed. Often, the same files which contain legacy issues are modified, and we don’t want any new issues created, and thus we have a process to break a build, and any new issues must be fixed before a branch can be merged to master.

However, every so often, legacy issues become flagged as new code, when the file has been modified, but no code within a hundred lines has been changed. For instance, we recently modified a file which contains 26 known legacy SQ issues. Just one of those legacy issues was flagged as new when the merge to master occurred (and again, no code nearby was modified):

However, on the branch scan, this legacy issue was clearly marked as being 1 year old:

Is there any explanation as to why this can happen, any way we can prevent it from happening? The scanner logs show absolutely no issues when scanning these files. Could it ever be possible to leave the issue as flagged, but change the date on it so it is not seen as new?

Any help appreciated.

Hey there.


It’s part of our build process, we have a very locked-down build environment which does not have access to source control. This is something we could change, but would also be quite impactful to us, and it was never an issue when we were using SonarQube 7.9 (I think) up till around 6 months ago. The worst case scenario is we change our build process, start using scm, and still get the issues or even see more issues.