We experienced a situation where a project was green one day and turned red after a subsequent scan, due to a newly reported Blocker issue. The affected code had been unchanged for a long time, yet the issue only appeared after the re-scan. After ruling out internal causes (code changes, configuration updates, etc.), the only plausible explanation was a change on the SonarCloud side - such as a rule update, severity change, or rule logic modification. While frequent updates are important and appreciated, such changes can have significant impact on release approvals and CI pipeline checks.
What would be helpful:
* An “updated on” timestamp visible on rule pages
* Clear indication when severities or rule logic have changed
* A visible change history or changelog per rule
* Ideally, advance notice of breaking changes to rule behavior
This would make it much easier to understand sudden changes in analysis results and react accordingly.
Has anyone else experienced similar scenarios? How do you handle unexpected analysis changes?
Is there anything planned on Sonar side to provide a solution?