New code definition not acknowledged by sonarcloud.io filter

  • ALM used: Bitbucket Cloud
  • CI system used: Bitbucket Cloud
  • Languages of the repository: JS

We have configured pull requests to display code quality on bitbucket. The pull request result shows findings older than 10 days even though the new code is defined to issues within 7 days.

bitbucket pipeline for reference:

definitions:
  services:
    docker:
      memory: 4096 
      type: docker
pipelines:
  pull-requests:
    '**':
    - step: &sonarcloudAnalysis
        name: SonarCloud Analysis
        services:
          - docker
        size: 2x
        script:
          - if [ "${BITBUCKET_PR_DESTINATION_BRANCH}" != "master" ]; then echo "Pipeline is restricted to master branch only"; exit 0; fi
          - pipe: sonarsource/sonarcloud-scan:2.0.0
            variables:
              SONAR_TOKEN: ${SONAR_TOKEN}
              EXTRA_ARGS: '-Dsonar.organization=${SONAR_ORG} -Dsonar.projectKey=${PROJECT_KEY} -Dsonar.exclusions=dist/,.sonar/,.scannerwork/,node_modules/,.git/,nginx/,src/*/.spec.ts,src/*/.spec.tsx -Dsonar.javascript.node.maxspace=4096 -X'
          - pipe: sonarsource/sonarcloud-quality-gate:0.1.6

Hey there.

The definition of New Code for a Pull Request is always “what changed between the source and target branch”. Any other definition of New Code is ignored.

Stated another way, the New Code Period only applies to long-lived branches.

1 Like

Okay. However, the highlighted issues are older issues and not part of the current pull request. On sonarcloud it clearly states that it was found 11 days ago.

The pull request displays 19 issues on bitbucket widget.

The diff has only 2 line changes in 2 files.

But the issues listed below are not related to those 2 line changes but note that the issues are all from the 2 files itself.

EDIT: uploaded the wrong image

The upper right says “the last analysis has a warning” – what is that warning?

Following is the warning

image

I have gone through other PR requests and sonarcloud scans. My observation is that the sonarcloud scan displays all the issues found in the modified files, not just the modified code.

As shown in the above example, just 2 lines were modified on two files, but it displays all the issues within the two files.

By any chance, did the paths of the files change? SONAR-13579 was implemented in SonarQube, but not SonarCloud. If this is the case, it would be a great case to bring up the topic again with the team.

It is not the case of path of files change. I have validated that.

It is mostly likely what is mentioned in this comment: Removing comment in a file is scanning the whole file in PR analysis - #4 by ganncamp

From my initial analysis, it looks like I might be confusing whole function with whole file. Or is it how sonarcloud scan for pull request is supposed to work?

I can see old issues in the same file that are in “Full Analysis” that are not raised in the pull request. But some of the issues raised in the pull request itself are not relevant to the lines changed in the pull request.

I won’t be able to share the examples here since the file contents might be sensitive.