New bugs found after upgrading Visual Studio version without changes in source code

SonarQube server: 9.9.2.77730
Windows Server 2019 10.0 amd64
Microsoft Visual Studio 2022 (64 bit)
SonarScanner: 5.0.1.3006

Hi Community,
We are using SonarQube to analyse C++ code in our CI infrastructure and have run into unexpected SonarQube behaviour. Previously we were running SonarScanner on Windows 2019 Server with Microsoft Visual Studio 17 installed, and we had no issues with scanning the project. But after upgrading to Microsoft Visual Studio 2022, new bugs were found in the project, although no changes were made in the source code.
I’ve tried to find the information about that in SonarQube docs, but I couldn’t.
Could you please advise: is it normal that SonarQube finds new bugs after changing the Visual Studio version, or is it something else?

Thanks for your advice!

Hi @yevhenhnes,

I can think of one possible scenario: After the upgrade, we detect that you use a newer compiler, with newer possibilities, and we create additional issues where you could leverage these possibilities to write better code.

Another possible scenario is that the new issues are linked to the update of the standard library.

It’s hard to know more without additional information. Could you please share with us a few of those new issues, as well as a snippet of code where they arise, so that we can look at the actual data?

Thank you!

Hi @JolyLoic, thank you for your reply.
Sure, here they are:




Hi @yevhenhnes.

It seems that all issues for which you shared screenshots are related to the use of uninitialized data. These issues are computed by our symbolic execution engine.

Would you be able to share a reproducer for one of the source files for which you encounter new issues after the update? This will allow us to conduct a detailed investigation.

You can generate a reproducer file as described in the following:

  • Look for the full path of the source file for which you want to create a reproducer in the analysis logs. You have to use the exact name (same case, ‘/’, etc.).
  • Add the reproducer option to the scanner configuration: sonar.cfamily.reproducer="Full path to the .cpp"
  • Re-run the scanner to generate a file named sonar-cfamily.reproducer in the project directory.
  • Please share this file. If you think this file contains private information, let us know, and we will send you a private message that will allow you to send it privately.

Thanks!

Hi @pdschbrt, thanks for the reply. Please send me a private message so I can answer with an attachment.

This conversation has been moved to a private channel.