New code detection merge/pull requests

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 1.2,
    INFO: Scanner configuration file: /opt/sonarqube/sonar-scanner/conf/
    INFO: Project root configuration file: AProjectName/
    INFO: SonarScanner
    INFO: Java 17.0.7 Eclipse Adoptium (64-bit)
    INFO: Linux 6.2.0-34-generic amd64

  • how is SonarQube deployed: zip, Docker, Helm
    On premises server, GitLab integration

  • what are you trying to achieve
    Define a baseline for main branch that future merge/pull requests are compared to

  • what have you tried so far to achieve this
    Added sonar-scanner job to gitlab pipeline and defined project sources and exclusions for unit test folders.
    Merged the changes to mainline, SonarQube indicated success but I noticed that also said there was no code in the project
    Added inclusions for all source code filename suffixes in a new merge request.
    That merge request fails quality gate because all of the code in the project is considered to be ‘new’ even though the merge request only affects the files .gitlab-ci.yml and
    I can force the merge even though Quality gate fails but I wan the state of the main branch when that merge is incorporated to be the baseline.

The ‘working’ properties:


sonar.inclusions=**/*.H, **/*.C, **/*.h, **/*.cpp, **/*.hpp, **/*.vue, **/*.htm*, **/*.ts, **/*.js,**/*.xml,**/*.sh,**/*.php,**/*.py,**/*.rs
sonar.exclusions=**/UnitTests/**/*, **/unit_tests/*,**/submodules/*

Without the sonar.inclusions exhaustive list the scanner claimed that there was no source code to scan and I missed that prior to the merge
NB, I have a feeling that the combination of sonar.inclusions and sonar.exclusions means that I can’t exclude code files because the inclusions overrides the exclusions


Welcome to the community!

In fact, merge/pull requests are compared to the branch being targeted. There’s not necessarily a need to establish a “baseline for main branch” here.

Can you share the full analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

Well… Generally I would not want to start out with the analysis properties you have. Do you really have tests full comingled with source code as indicated by your analysis properties? Is there no way to point concisely to your test directories? It seems to me that you might be able to simply specify

sonar.sources=dir1, dir2,dir3

And BTW, I don’t think this:

is doing what you think it is.