New code definition not acknowledged by sonarcloud.io filter

  • ALM used: Bitbucket Cloud
  • CI system used: Bitbucket Cloud
  • Languages of the repository: JS

We have configured pull requests to display code quality on Bitbucket. The pull request result shows findings older than 10 days even though New Code is defined as issues within the last 7 days.

bitbucket pipeline for reference:

definitions:
  services:
    docker:
      memory: 4096
      type: docker
pipelines:
  pull-requests:
    '**':
    - step: &sonarcloudAnalysis
        name: SonarCloud Analysis
        services:
          - docker
        size: 2x
        script:
          - if [ "${BITBUCKET_PR_DESTINATION_BRANCH}" != "master" ]; then echo "Pipeline is restricted to master branch only"; exit 0; fi
          - pipe: sonarsource/sonarcloud-scan:2.0.0
            variables:
              SONAR_TOKEN: ${SONAR_TOKEN}
              EXTRA_ARGS: '-Dsonar.organization=${SONAR_ORG} -Dsonar.projectKey=${PROJECT_KEY} -Dsonar.exclusions=dist/**,.sonar/**,.scannerwork/**,node_modules/**,.git/**,nginx/**,src/**/*.spec.ts,src/**/*.spec.tsx -Dsonar.javascript.node.maxspace=4096 -X'
          - pipe: sonarsource/sonarcloud-quality-gate:0.1.6

Hey there.

The definition of New Code for a Pull Request is always “what changed between the source and target branch”. Any other definition of New Code is ignored.

Stated another way, the New Code Period only applies to long-lived branches.

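One way to check which lines a pull request actually changes in the sense the reply above describes (the diff between target and source branch), so that each reported issue can be matched against them. This is an added example, not code from the thread or from SonarSource; it reads a zero-context unified diff (as produced by git diff -U0 target...source) from stdin, and the sample diff below is constructed.

```shell
#!/bin/sh
# Print "path:first-last" for every hunk that adds or changes lines.
# Only lines inside these ranges are "new code" for a PR; issues reported
# outside them are worth investigating (e.g. with DEBUG scanner logs).
changed_ranges() {
  awk '
    /^\+\+\+ / { path = ($2 == "/dev/null") ? "" : substr($2, 3); next }  # drop "b/"
    /^@@ / {
      cnt = split($3, n, ",")                    # $3 is "+start[,count]"
      start = substr(n[1], 2)
      count = (cnt > 1) ? n[2] : 1
      if (count == 0 || path == "") next         # pure deletion: nothing new
      printf "%s:%d-%d\n", path, start, start + count - 1
    }'
}

# Exit 0 if path:line (an issue location) falls on a changed line, else 1.
# usage: on_changed_lines <path> <line>  (diff on stdin)
on_changed_lines() {
  changed_ranges | awk -v p="$1" -v l="$2" '
    { split($0, f, ":"); split(f[2], r, "-")
      if (f[1] == p && l + 0 >= r[1] + 0 && l + 0 <= r[2] + 0) found = 1 }
    END { exit found ? 0 : 1 }'
}

# Constructed sample: one-line edit, a three-line insertion, and a deletion.
SAMPLE_DIFF=$(cat <<'EOF'
diff --git a/src/app.js b/src/app.js
--- a/src/app.js
+++ b/src/app.js
@@ -10 +10 @@
-const retries = 1;
+const retries = 3;
@@ -25,0 +26,3 @@
+function warm() {
+  cache.fill();
+}
diff --git a/src/util.js b/src/util.js
--- a/src/util.js
+++ b/src/util.js
@@ -5,2 +4,0 @@
-// stale comment
-// another stale comment
EOF
)

printf '%s\n' "$SAMPLE_DIFF" | changed_ranges
```

Against a real PR, feed it `git diff -U0 "origin/$BITBUCKET_PR_DESTINATION_BRANCH...HEAD"` from a full (non-shallow) clone and compare the ranges with the line numbers of the issues the widget reports.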

Okay. However, the highlighted issues are older issues and not part of the current pull request. On SonarCloud it clearly states that they were found 11 days ago.

The pull request displays 19 issues in the Bitbucket widget.

The diff has only 2 line changes in 2 files.

But the issues listed below are not related to those 2 line changes; note, however, that the issues are all from those 2 files themselves.

EDIT: uploaded the wrong image

The upper right says “the last analysis has a warning” – what is that warning?

Following is the warning


I have gone through other PRs and SonarCloud scans. My observation is that the SonarCloud scan displays all the issues found in the modified files, not just the modified code.

As shown in the above example, just 2 lines were modified on two files, but it displays all the issues within the two files.

By any chance, did the paths of the files change? SONAR-13579 was implemented in SonarQube, but not SonarCloud. If this is the case, it would be a great case to bring up the topic again with the team.

It is not a case of file paths changing. I have validated that.

It is most likely what is mentioned in this comment: Removing comment in a file is scanning the whole file in PR analysis - #4 by ganncamp

From my initial analysis, it looks like I might be confusing "whole function" with "whole file". Or is this how the SonarCloud scan for pull requests is supposed to work?

I can see old issues in the same file that are in “Full Analysis” that are not raised in the pull request. But some of the issues raised in the pull request itself are not relevant to the lines changed in the pull request.

I won’t be able to share the examples here since the file contents might be sensitive.

This is not the case as the issues raised in our PR are all code smells.

Any other way I can troubleshoot this issue?

Just for additional context:

These are the various code types in our repo.

Is it necessary that we install the dependencies and build the app before running the scan? As you can see in the Bitbucket pipeline, we are not doing so at the moment. Does it affect the scan result?

At this point, it would make sense for you to attach DEBUG level scanner logs (you’re already passing -X in your pipeline, by the looks of it) for a PR where issues are being raised on unchanged lines.

How can I private message the log file?

I’ve sent you a PM