New Code is 0, but actually new code exists

Version: Developer Edition Version 9.4 (build 54424)

Environment

• We have a C# Based large solution, which contains multiple projects distributed among subdirectories.
• We are using PR decoration using Azure Devops and SonarQube.
• Trying to merge a PR. Feature Branch to Main Branch

Problem 1
Initially, the Pull Requests were ignoring files inside subdirectories. So I searched and found the following solution which I added in the build pipeline.
sonar.scm.exclusions.disabled=true

Now the files are detected by SonarQube analyzer. But now we are facing another problem.

Problem 2
Since the files in subdirectories were detected properly, I tried to check whether PR comments are populated without any issues. So I added some Bad Code in order to generate issues. However, when I pushed the commit, SonarQube was showing 0 as New Code. The pipeline log showed following information

INFO: Merge base sha1: 95a80397d3fXXXXXXXXXXXXXXXXXXXXX
WARN: File ‘D:\a\1\s.…\XXXXXX.cs’ was detected as changed but without having changed lines
DEBUG: SCM reported changed lines for 0 files in the branch

After the issue is identified, I done an analyze on Main branch. Because in some forums it was suggested as solution. Then I reran the pipeline again after adding some more bad code. Still new code is detected as 0.

image1405×197 5.46 KB

Could you please advice what to do in order to SnarQube to detect new code? Please help because we are blocked right now.

Thanks.

It matters where you add the bad code, if you put it in a test or something sonar thinks is a test project it’s not going to find it for new code.

I had a similar problem recently that was due to the build server having an old version of nodejs (12.14). Updating that to v16 fixed it.

Thanks Andrew.

It matters where you add the bad code, if you put it in a test or something sonar thinks is a test project it’s not going to find it for new code.

I had names such as Foo, Sample. I fixed everything and committed again. But still New Code is not detected.

I had a similar problem recently that was due to the build server having an old version of nodejs (12.14). Updating that to v16 fixed it.

I am not sure about this. We are using Azure VM(Ubuntu 20.04.4 LTS) as SonarQube server. . We are not using Node. So I think it is not applicable.

We are not using Node. So I think it is not applicable.

I should have been a bit clearer on this. We had been running sonar scans until one day they just started reporting 0 lines of code. The Sonar scanner had failed to locate some components that were required for it to scan our code properly but instead of failing the scanning task and the pipeline, it reported non-failing errors and continued on as if there were no problems, allowing the pipeline to be successful. Sonar has confirmed this is behavior they intend to have (crazy, right?). So what I should have said was enable diagnostics and debug output for the pipeline and look for any errors reported during any of the 3 Sonar tasks (assuming you are using AzDo pipelines), even if they didnt cause the pipeline to fail.

Have you tried running the sonar scanner locally and not on a remote server?

Does scanning the main branch produce the same 0 lines of code result?

Have you checked the other settings in the sonar properties file, like sonar.sources? (if you are using it, remove it and let the autodetection try. If you arent using it, try using it - maybe the auto detection isnt working)

Hi Andrew,

Thanks again.

I did the following changes

• From my pipeline script, removed sonar property

  sonar.scm.exclusions.disabled=true

• From SonarQube web page, toggled the below settings to ON
  Administration > SCM > Disable the SCM Sensor.

  

  image856×415 18.5 KB

Results

• New Code is detected.
• Surprisingly, code issues in other files, which are not new, but seems not detected earlier, was also detected!!

1. Now I am not sure how disabling SCM Sensor worked here. Could you please let me know?
2. Are there any side effects by disabling SCM sensor?

I am also not sure, but would guess that some setting that the SCM Sensor depends on was either missing or incorrect, so it could not operate correctly and was preventing new code from being counted.

Hi Andrew.

Thanks for sharing your thoughts.

I am wondering making those settings is the actual solution, or are there any insufficient settings in my project or SonarQube server.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.