New bug is reported on a pull request against the code lines which was committed too past

I want to know why such an issue was reported even though the code lines were committed about 1 year ago. Please advice me if some configuration is incorrect or insufficient.

  • versions used (SonarQube, Scanner, Plugin, and any relevant extension)
    • SonarCloud (SonarQube server 8.5.0)
    • SonarQube Scanner
    • CFamily plugin version:
    • Java 11.0.3 AdoptOpenJDK (64-bit)
    • Linux 4.15.0-1077-aws amd64
    • Github, CircleCI
  • steps to reproduce
    1. Sonarcloud -> Administration -> New Code -> Number of days is selected, the value is set to 60, and the setting has not changed from the beginning of the project
    2. Long-lived branch (origin/develop) has no bug report
    3. Create pull request from already pushed branch (merge target is origin/develop) on Github
    4. New bug is reported on it against the code lines which was committed about 1year ago

  • error observed (wrap logs/code around triple quote ``` for proper formatting)


Two things could have caused this. First, our analysis gets smarter all the time. So it’s possible this was a false negative that we fixed. The other option is that the line of code that was previously preventing this issue from being raised was changed or removed. As an example, consider a null pointer dereference issue. If I remove the null-test before the dereference, there’s a brand new problem on the 1-year-old dereference line.