SonarQube 71 (build 11001)
Build done with GNU make through a Makefile, calling arm-none-eabi-gcc (~200 files to build)
Runs on Windows Server 2012
Run from Jenkins with the command: sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME}
Hello,
We’re currently running into an issue with SonarQube where 4 bugs have been detected in our long-lived branch but not in the short-lived branch that was adding this code.
Those were the steps:
1. Long-lived branch (develop) is clean, no bug, no smell.
2. We create a feature branch (featureA) from develop. Here we have a new C file with 4 bugs (file1.c), but the file is not built (not in the Makefile).
3. Our CI server runs the SQ analysis on featureA and finds nothing, no error in the execution, no bug detected.
4. We merge featureA into develop.
5. Our CI server runs the SQ analysis on develop and it comes out clean, no bug.
6. We create a new feature branch (featureB) from develop in which we add the file1.c to our Makefile, so now it’s built.
7. Our CI server runs the SQ analysis on featureB and finds nothing, no error in the execution, no bug detected.
8. We merge featureB into develop.
9. Our CI server runs the SQ analysis on develop and finds the 4 bugs in file1.
This is a surprise because we expected SQ to find those 4 bugs at step 3 (code added) or 7 (code built).
Is this a SQ bug or a configuration issue? Is there anything I can do to prevent new bugs from being merged into my long-lived branch (develop)?