Old code smells reported as "new code"

SonarQube Server / Community Build
1

SonarQube: 9.9.2 (build 77730), Docker

On a recent commit, a TypeScript project went from having 271 code smells to 692. The new code smells are in files that were not changed. Many are reported as “new code” smells, even though the files have not been modified in months or years.

I’m trying to understand why this occurred and correct our reporting if appropriate.

So far, I’ve investigated some of the files that were in changed in the merge. A sonar.config.json file was modified to exclude one new file, but was otherwise unchanged. I’ve also looked at the SonarQube log output (below), but haven’t identified anything abnormal.

INFO: Analyzing on SonarQube server 9.9.2.77730
 INFO: Default locale: "en_US", source code encoding: "UTF-8"
 INFO: Load global settings
 INFO: Load global settings (done) | time=229ms
 INFO: Server id: 8765581D-AW5rftrjNCsF4dv9SE40
 INFO: User cache: /root/.sonar/cache
 INFO: Load/download plugins
 INFO: Load plugins index
 INFO: Load plugins index (done) | time=132ms
 INFO: Load/download plugins (done) | time=11403ms
 INFO: Loaded core extensions: developer-scanner
 INFO: Process project properties
 INFO: Process project properties (done) | time=7ms
 INFO: Execute project builders
 INFO: Execute project builders (done) | time=1ms
 INFO: Project key: [snip]
 INFO: Base dir: /home/jenkins/agent/workspace/UI_vendor-portal_development
 INFO: Working dir: /home/jenkins/agent/workspace/UI_vendor-portal_development/.scannerwork
 INFO: Load project settings for component key: '[snip]'
 INFO: Load project settings for component key: '[snip]' (done) | time=130ms
 INFO: Load project branches
 INFO: Load project branches (done) | time=121ms
 INFO: Load branch configuration
 INFO: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
 INFO: Load branch configuration (done) | time=1ms
 INFO: Auto-configuring with CI 'Jenkins'
 INFO: Load quality profiles
 INFO: Load quality profiles (done) | time=195ms
 INFO: Load active rules
 INFO: Load active rules (done) | time=6306ms
 INFO: Load analysis cache
 INFO: Load analysis cache | time=378ms
 INFO: Branch name: development
 INFO: Load project repositories
 INFO: Load project repositories (done) | time=144ms
 INFO: Indexing files...
 INFO: Project configuration:
 INFO:   Excluded sources: **/*.spec.ts, **/node_modules/**, **/karma.conf.js, **/index.ts, **/polyfills.ts, **/*.mock.ts, **/app.init.ts, **/auth-guard.service.ts, **/cdui-main.ts, **/*.spec.ts
 INFO:   Included tests: **/*.spec.ts
 INFO:   Excluded sources for coverage: **/*Constants.java
 INFO: 916 files indexed
 INFO: 1324 files ignored because of inclusion/exclusion patterns
 INFO: 0 files ignored because of scm ignore settings
 INFO: Quality profile for css: [snip]
 INFO: Quality profile for json: Sonar way
 INFO: Quality profile for ts: [snip]
 INFO: Quality profile for web: [snip]
 INFO: ------------- Run sensors on module ui.vendor-portal
 INFO: Load metrics repository
 INFO: Load metrics repository (done) | time=110ms
 INFO: Sensor IaC CloudFormation Sensor [iac]
 INFO: 0 source files to be analyzed
 INFO: 0/0 source files have been analyzed
 INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=14ms
 INFO: Sensor IaC Kubernetes Sensor [iac]
 INFO: 0 source files to be analyzed
 INFO: 0/0 source files have been analyzed
 INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=5ms
 INFO: Sensor C# Project Type Information [csharp]
 INFO: Sensor C# Project Type Information [csharp] (done) | time=2ms
 INFO: Sensor C# Analysis Log [csharp]
 INFO: Sensor C# Analysis Log [csharp] (done) | time=9ms
 INFO: Sensor C# Properties [csharp]
 INFO: Sensor C# Properties [csharp] (done) | time=0ms
 INFO: Sensor HTML [web]
 INFO: Sensor HTML [web] (done) | time=715ms
 INFO: Sensor TextAndSecretsSensor [text]
 INFO: 751 source files to be analyzed
 INFO: 751/751 source files have been analyzed
 INFO: Sensor TextAndSecretsSensor [text] (done) | time=527ms
 INFO: Sensor VB.NET Project Type Information [vbnet]
 INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
 INFO: Sensor VB.NET Analysis Log [vbnet]
 INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=10ms
 INFO: Sensor VB.NET Properties [vbnet]
 INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
 INFO: Sensor JaCoCo XML Report Importer [jacoco]
 INFO: Coverage report doesn't exist for pattern: 'target/site/jacoco/jacoco.xml'
 INFO: Coverage report doesn't exist for pattern: 'target/site/jacoco-it/jacoco.xml'
 WARN: No coverage report can be found with sonar.coverage.jacoco.xmlReportPaths='target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml'. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
 INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
 INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
 INFO: Sensor TypeScript analysis [javascript]
 WARN: Using Node.js version 14 to execute analysis is deprecated and will stop being supported no earlier than May 1st, 2023. Please upgrade to a newer LTS version of Node.js [16, 18]
 INFO: Found 2 tsconfig.json file(s): [snip]
 INFO: Creating TypeScript program
 INFO: 394 source files to be analyzed
 INFO: TypeScript configuration file [snip]
 INFO: Creating TypeScript program (done) | time=5506ms
 INFO: Starting analysis with current program
 INFO: 53/394 files analyzed, current file: [snip]
 INFO: 179/394 files analyzed, current file: [snip]
 INFO: 352/394 files analyzed, current file: [snip]
 INFO: Analyzed 394 file(s) with current program
 INFO: Creating TypeScript program
 INFO: TypeScript configuration file [snip]
 INFO: Creating TypeScript program (done) | time=1629ms
 INFO: Starting analysis with current program
 INFO: Analyzed 0 file(s) with current program
 INFO: 394/394 source files have been analyzed
 INFO: Hit the cache for 0 out of 394
 INFO: Miss the cache for 394 out of 394: ANALYSIS_MODE_INELIGIBLE [394/394]
 INFO: Sensor TypeScript analysis [javascript] (done) | time=37955ms
 INFO: Sensor CSS Rules [javascript]
 INFO: 356 source files to be analyzed
 INFO: 356/356 source files have been analyzed
 INFO: Hit the cache for 0 out of 0
 INFO: Miss the cache for 0 out of 0
 INFO: Sensor CSS Rules [javascript] (done) | time=1706ms
 INFO: Sensor JavaScript/TypeScript Coverage [javascript]
 INFO: Analysing [[snip]]
 WARN: Could not resolve 55 file paths in [[snip]]
 WARN: First unresolved path: [snip] (Run in DEBUG mode to get full list of unresolved paths)
 INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=85ms
 INFO: Sensor CSS Metrics [javascript]
 INFO: Sensor CSS Metrics [javascript] (done) | time=113ms
 INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
 INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=6ms
 INFO: Sensor IaC Docker Sensor [iac]
 INFO: 0 source files to be analyzed
 INFO: 0/0 source files have been analyzed
 INFO: Sensor IaC Docker Sensor [iac] (done) | time=74ms
 INFO: Sensor Serverless configuration file sensor [security]
 INFO: 0 Serverless function entries were found in the project
 INFO: 0 Serverless function handlers were kept as entrypoints
 INFO: Sensor Serverless configuration file sensor [security] (done) | time=4ms
 INFO: Sensor AWS SAM template file sensor [security]
 INFO: Sensor AWS SAM template file sensor [security] (done) | time=1ms
 INFO: Sensor AWS SAM Inline template file sensor [security]
 INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=0ms
 INFO: Sensor javabugs [dbd]
 INFO: Reading IR files from: [snip]
 INFO: No IR files have been included for analysis.
 INFO: Sensor javabugs [dbd] (done) | time=1ms
 INFO: Sensor pythonbugs [dbd]
 INFO: Reading IR files from: [snip]
 INFO: No IR files have been included for analysis.
 INFO: Sensor pythonbugs [dbd] (done) | time=1ms
 INFO: Sensor JavaSecuritySensor [security]
 INFO: Reading type hierarchy from: [snip]
 INFO: Read 0 type definitions
 INFO: No UCFGs have been included for analysis.
 INFO: Sensor JavaSecuritySensor [security] (done) | time=3ms
 INFO: Sensor CSharpSecuritySensor [security]
 INFO: Reading type hierarchy from: [snip]
 INFO: Read 0 type definitions
 INFO: No UCFGs have been included for analysis.
 INFO: Sensor CSharpSecuritySensor [security] (done) | time=0ms
 INFO: Sensor PhpSecuritySensor [security]
 INFO: Reading type hierarchy from: [snip]
 INFO: Read 0 type definitions
 INFO: No UCFGs have been included for analysis.
 INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
 INFO: Sensor PythonSecuritySensor [security]
 INFO: Reading type hierarchy from: [snip]
 INFO: Read 0 type definitions
 INFO: No UCFGs have been included for analysis.
 INFO: Sensor PythonSecuritySensor [security] (done) | time=0ms
 INFO: Sensor JsSecuritySensor [security]
 INFO: Reading type hierarchy from: [snip]
 INFO: Read 0 type definitions
 INFO: Reading UCFGs from: [snip]
 INFO: 16:26:01.842006 Building Runtime Type propagation graph
 INFO: 16:26:01.975737 Running Tarjan on 33387 nodes
 INFO: 16:26:02.013047 Tarjan found 33385 components
 INFO: 16:26:02.074079 Variable type analysis: done
 INFO: 16:26:02.076323 Building Runtime Type propagation graph
 INFO: 16:26:02.249415 Running Tarjan on 33387 nodes
 INFO: 16:26:02.269759 Tarjan found 33385 components
 INFO: 16:26:02.299449 Variable type analysis: done
 INFO: Analyzing 7091 ucfgs to detect vulnerabilities.
 INFO: Taint analysis starting. Entrypoints: 395
 INFO: Running symbolic analysis for 'JS'
 INFO: Taint analysis: done.
 INFO: Sensor JsSecuritySensor [security] (done) | time=18858ms
 INFO: ------------- Run sensors on project
 INFO: Sensor Analysis Warnings import [csharp]
 INFO: Sensor Analysis Warnings import [csharp] (done) | time=0ms
 INFO: Sensor Zero Coverage Sensor
 INFO: Sensor Zero Coverage Sensor (done) | time=4ms
 INFO: CPD Executor 34 files had no CPD blocks
 INFO: CPD Executor Calculating CPD for 556 files
 INFO: CPD Executor CPD calculation finished (done) | time=165ms
 INFO: Load New Code definition
 INFO: Load New Code definition (done) | time=136ms
 INFO: Analysis report generated in 376ms, dir size=9.3 MB
 INFO: Analysis report compressed in 1394ms, zip size=6.4 MB
 INFO: Analysis report uploaded in 1580ms
 INFO: ANALYSIS SUCCESSFUL, you can find the results at: [snip]
 INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
 INFO: More about the report processing at [snip]
 INFO: Time spent writing ucfgs 1654ms
 INFO: Analysis total time: 1:20.244 s
 INFO: ------------------------------------------------------------------------
 INFO: EXECUTION SUCCESS
 INFO: ------------------------------------------------------------------------
 INFO: Total time: 1:34.391s
 INFO: Final Memory: 367M/1296M
 INFO: ------------------------------------------------------------------------
 [16:26:29] Analysis finished.
 [Pipeline] }
 [Pipeline] // withSonarQubeEnv
 [Pipeline] timeout
 Timeout set to expire in 15 min
 [Pipeline] {
 [Pipeline] waitForQualityGate
 Checking status of SonarQube task 'AYw6zU-kn6J7ZvP3SReg' on server 'Sonar'
 SonarQube task 'AYw6zU-kn6J7ZvP3SReg' status is 'IN_PROGRESS'
 SonarQube task 'AYw6zU-kn6J7ZvP3SReg' status is 'SUCCESS'
 SonarQube task 'AYw6zU-kn6J7ZvP3SReg' completed. Quality gate is 'OK'
 [Pipeline] sh
 + npm run sonar:check
 
 > vendor-portal@0.0.0-MICROFRONTEND sonar:check [snip]
 > odk-sonar-check
 
 Sonar Config:
 {
   "options": {
     "sonar.exclusions": {
       "value": [
         "**/karma.conf.js",
         "**/index.ts",
         "**/polyfills.ts",
         "**/*.mock.ts",
         "**/app.init.ts",
         "**/auth-guard.service.ts",
         "**/cdui-main.ts"
       ],
       "merge": true
     },
     "sonar.typescript.exclusions": {
       "value": [
         "**/karma.conf.js",
         "**/index.ts",
         "**/polyfills.ts",
         "**/*.mock.ts",
         "**/app.init.ts",
         "**/auth-guard.service.ts",
         "**/cdui-main.ts"
       ],
       "merge": true
     }
   },
   "tests": [
     {
       "metric": "coverage",
       "threshold": 77,
       "desc": true
     },
     {
       "metric": "bugs",
       "threshold": 0
     },
     {
       "metric": "vulnerabilities",
       "threshold": 0
     },
     {
       "metric": "code_smells",
       "threshold": 285
     }
   ]
 }
 Analysis:
 {
   "component": {
     "key": "[snip]",
     "name": "ui.vendor-portal",
     "description": "No description.",
     "qualifier": "TRK",
     "measures": [
       null,
       {
         "metric": "new_coverage",
         "periods": [
           {
             "index": 1,
             "value": "93.2",
             "bestValue": false
           }
         ],
         "period": {
           "index": 1,
           "value": "93.2",
           "bestValue": false
         }
       },
       {
         "metric": "coverage",
         "value": "80.7",
         "bestValue": false
       },
       {
         "metric": "new_code_smells",
         "periods": [
           {
             "index": 1,
             "value": "369",
             "bestValue": false
           }
         ],
         "period": {
           "index": 1,
           "value": "369",
           "bestValue": false
         }
       },
       {
         "metric": "code_smells",
         "value": "640",
         "bestValue": false
       },
       {
         "metric": "vulnerabilities",
         "value": "0",
         "bestValue": true
       },
       {
         "metric": "ncloc",
         "value": "75194"
       },
       {
         "metric": "bugs",
         "value": "0",
         "bestValue": true
       },
       {
         "metric": "new_bugs",
         "periods": [
           {
             "index": 1,
             "value": "0",
             "bestValue": true
           }
         ],
         "period": {
           "index": 1,
           "value": "0",
           "bestValue": true
         }
       },
       {
         "metric": "alert_status",
         "value": "OK"
       }
     ],
     "time": "Tue, 05 Dec 2023 16:27:25 GMT"
   }
 }
 Quality Gate Details:
 {
   "level": "OK",
   "conditions": [
     {
       "metric": "new_coverage",
       "op": "LT",
       "period": 1,
       "error": "75",
       "actual": "93.2",
       "level": "OK"
     },
     {
       "metric": "coverage",
       "op": "LT",
       "error": "72.9",
       "actual": "80.7",
       "level": "OK"
     },
     {
       "metric": "blocker_violations",
       "op": "GT",
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "bugs",
       "op": "GT",
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "new_blocker_violations",
       "op": "GT",
       "period": 1,
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "new_bugs",
       "op": "GT",
       "period": 1,
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "new_critical_violations",
       "op": "GT",
       "period": 1,
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "new_vulnerabilities",
       "op": "GT",
       "period": 1,
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "vulnerabilities",
       "op": "GT",
       "error": "0",
       "actual": "0",
       "level": "OK"
     }
   ],
   "ignoredConditions": false
 }
 Test Results:
 [ 'Metric: code_smells value 640 is greater than threshold of 285' ]
 npm ERR! code ELIFECYCLE
 npm ERR! errno 1
 npm ERR! vendor-portal@0.0.0-MICROFRONTEND sonar:check: `odk-sonar-check`
 npm ERR! Exit status 1
 npm ERR! 
 npm ERR! Failed at the vendor-portal@0.0.0-MICROFRONTEND sonar:check script.
 npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
 
 npm ERR! A complete log of this run can be found in:
 npm ERR!     /root/.npm/_logs/2023-12-05T16_27_25_131Z-debug.log
2

Hi,

I guess this is the log from the analysis with all the new issues. Can you also provide the one from the analysis before that?

Also, can you characterize the new issues? Are they all from one or only a couple rules? Or are they all over the place, rule-wise?

 
Ann

3

Yes, the above is the log from the analysis with the new issues. I’ll attach the previous log (last one prior to the new code smells) below.

Tough to characterize the new code smells—there are over 400 new ones. I see many smells that are marked as “rule deprecated” although probably only 100 or so.

Looking at the history, the number of code smells actually seems to have changed for a period. We had one analysis that had over 1000 code smells before it fell down to 586 on a subsequent analysis. I don’t believe anyone was actively introducing or resolving issues during this time, just re-running the analysis.

I forgot to mention that we’ve recently upgraded from Sonar 8.9 to 9.9, although the upgrade was back in October—we’ve had successful analyses in-between then and now. I see a notice that appears new: “The quality gate used by this project does not comply with Clean as You Code.”

INFO: Analyzing on SonarQube server 9.9.2.77730
 INFO: Default locale: "en_US", source code encoding: "UTF-8"
 INFO: Load global settings
 INFO: Load global settings (done) | time=229ms
 INFO: Server id: 8765581D-AW5rftrjNCsF4dv9SE40
 INFO: User cache: /root/.sonar/cache
 INFO: Load/download plugins
 INFO: Load plugins index
 INFO: Load plugins index (done) | time=138ms
 INFO: Load/download plugins (done) | time=11985ms
 INFO: Loaded core extensions: developer-scanner
 INFO: Process project properties
 INFO: Process project properties (done) | time=7ms
 INFO: Execute project builders
 INFO: Execute project builders (done) | time=1ms
 INFO: Project key: [snip]
 INFO: Base dir: /home/jenkins/agent/workspace/UI_vendor-portal_development
 INFO: Working dir: /home/jenkins/agent/workspace/UI_vendor-portal_development/.scannerwork
 INFO: Load project settings for component key: [snip]
 INFO: Load project settings for component key: [snip] (done) | time=139ms
 INFO: Load project branches
 INFO: Load project branches (done) | time=127ms
 INFO: Load branch configuration
 INFO: Found manual configuration of branch/PR analysis. Skipping automatic configuration.
 INFO: Load branch configuration (done) | time=2ms
 INFO: Auto-configuring with CI 'Jenkins'
 INFO: Load quality profiles
 INFO: Load quality profiles (done) | time=195ms
 INFO: Load active rules
 INFO: Load active rules (done) | time=6484ms
 INFO: Load analysis cache
 INFO: Load analysis cache | time=700ms
 INFO: Branch name: development
 INFO: Load project repositories
 INFO: Load project repositories (done) | time=188ms
 INFO: Indexing files...
 INFO: Project configuration:
 INFO:   Excluded sources: **/*.spec.ts, **/node_modules/**, **/karma.conf.js, **/index.ts, **/polyfills.ts, **/*.mock.ts, **/app.init.ts, **/auth-guard.service.ts, **/*.spec.ts
 INFO:   Included tests: **/*.spec.ts
 INFO:   Excluded sources for coverage: **/*Constants.java
 INFO: 915 files indexed
 INFO: 1322 files ignored because of inclusion/exclusion patterns
 INFO: 0 files ignored because of scm ignore settings
 INFO: Quality profile for css: [snip]
 INFO: Quality profile for ts: [snip]
 INFO: Quality profile for web: [snip]
 INFO: ------------- Run sensors on module ui.vendor-portal
 INFO: Load metrics repository
 INFO: Load metrics repository (done) | time=115ms
 INFO: Sensor C# Project Type Information [csharp]
 INFO: Sensor C# Project Type Information [csharp] (done) | time=2ms
 INFO: Sensor C# Analysis Log [csharp]
 INFO: Sensor C# Analysis Log [csharp] (done) | time=9ms
 INFO: Sensor C# Properties [csharp]
 INFO: Sensor C# Properties [csharp] (done) | time=0ms
 INFO: Sensor HTML [web]
 INFO: Sensor HTML [web] (done) | time=790ms
 INFO: Sensor TextAndSecretsSensor [text]
 INFO: 750 source files to be analyzed
 INFO: 750/750 source files have been analyzed
 INFO: Sensor TextAndSecretsSensor [text] (done) | time=528ms
 INFO: Sensor VB.NET Project Type Information [vbnet]
 INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
 INFO: Sensor VB.NET Analysis Log [vbnet]
 INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=10ms
 INFO: Sensor VB.NET Properties [vbnet]
 INFO: Sensor VB.NET Properties [vbnet] (done) | time=0ms
 INFO: Sensor JaCoCo XML Report Importer [jacoco]
 INFO: Coverage report doesn't exist for pattern: 'target/site/jacoco/jacoco.xml'
 INFO: Coverage report doesn't exist for pattern: 'target/site/jacoco-it/jacoco.xml'
 WARN: No coverage report can be found with sonar.coverage.jacoco.xmlReportPaths='target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml'. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
 INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
 INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=2ms
 INFO: Sensor TypeScript analysis [javascript]
 WARN: Using Node.js version 14 to execute analysis is deprecated and will stop being supported no earlier than May 1st, 2023. Please upgrade to a newer LTS version of Node.js [16, 18]
 INFO: Found 2 tsconfig.json file(s): [/home/jenkins/agent/workspace/UI_vendor-portal_development/tsconfig.json, /home/jenkins/agent/workspace/UI_vendor-portal_development/projects/vendor-portal-site/e2e/tsconfig.json]
 INFO: Creating TypeScript program
 INFO: 394 source files to be analyzed
 INFO: TypeScript configuration file /home/jenkins/agent/workspace/UI_vendor-portal_development/tsconfig.json
 INFO: Creating TypeScript program (done) | time=5729ms
 INFO: Starting analysis with current program
 INFO: 42/394 files analyzed, current file: /home/jenkins/agent/workspace/UI_vendor-portal_development/projects/vendor-portal-site/src/app/shared/services/projects-list-api/projects-list-api.service.ts
 INFO: 165/394 files analyzed, current file: /home/jenkins/agent/workspace/UI_vendor-portal_development/projects/vendor-portal-site/src/app/trust-profile/trust-profile.component.ts
 INFO: 317/394 files analyzed, current file: /home/jenkins/agent/workspace/UI_vendor-portal_development/projects/vendor-portal-site/src/app/projects-list/views-selector/views-selector-helper.service.ts
 INFO: Analyzed 394 file(s) with current program
 INFO: Creating TypeScript program
 INFO: TypeScript configuration file /home/jenkins/agent/workspace/UI_vendor-portal_development/projects/vendor-portal-site/e2e/tsconfig.json
 INFO: Creating TypeScript program (done) | time=1699ms
 INFO: Starting analysis with current program
 INFO: Analyzed 0 file(s) with current program
 INFO: 394/394 source files have been analyzed
 INFO: Hit the cache for 0 out of 394
 INFO: Miss the cache for 394 out of 394: ANALYSIS_MODE_INELIGIBLE [394/394]
 INFO: Sensor TypeScript analysis [javascript] (done) | time=39446ms
 INFO: Sensor CSS Rules [javascript]
 INFO: 356 source files to be analyzed
 INFO: 356/356 source files have been analyzed
 INFO: Hit the cache for 0 out of 0
 INFO: Miss the cache for 0 out of 0
 INFO: Sensor CSS Rules [javascript] (done) | time=1955ms
 INFO: Sensor JavaScript/TypeScript Coverage [javascript]
 INFO: Analysing [/home/jenkins/agent/workspace/UI_vendor-portal_development/coverage/vendor-portal-site/lcov.info]
 WARN: Could not resolve 55 file paths in [/home/jenkins/agent/workspace/UI_vendor-portal_development/coverage/vendor-portal-site/lcov.info]
 WARN: First unresolved path: projects/vendor-portal-site/src/app.init.ts (Run in DEBUG mode to get full list of unresolved paths)
 INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=75ms
 INFO: Sensor CSS Metrics [javascript]
 INFO: Sensor CSS Metrics [javascript] (done) | time=86ms
 INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
 INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=4ms
 INFO: Sensor IaC Docker Sensor [iac]
 INFO: 0 source files to be analyzed
 INFO: 0/0 source files have been analyzed
 INFO: Sensor IaC Docker Sensor [iac] (done) | time=51ms
 INFO: Sensor Serverless configuration file sensor [security]
 INFO: 0 Serverless function entries were found in the project
 INFO: 0 Serverless function handlers were kept as entrypoints
 INFO: Sensor Serverless configuration file sensor [security] (done) | time=4ms
 INFO: Sensor AWS SAM template file sensor [security]
 INFO: Sensor AWS SAM template file sensor [security] (done) | time=0ms
 INFO: Sensor AWS SAM Inline template file sensor [security]
 INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=1ms
 INFO: Sensor javabugs [dbd]
 INFO: Reading IR files from: /home/jenkins/agent/workspace/UI_vendor-portal_development/.scannerwork/ir/java
 INFO: No IR files have been included for analysis.
 INFO: Sensor javabugs [dbd] (done) | time=1ms
 INFO: Sensor pythonbugs [dbd]
 INFO: Reading IR files from: /home/jenkins/agent/workspace/UI_vendor-portal_development/.scannerwork/ir/python
 INFO: No IR files have been included for analysis.
 INFO: Sensor pythonbugs [dbd] (done) | time=1ms
 INFO: Sensor JavaSecuritySensor [security]
 INFO: Reading type hierarchy from: /home/jenkins/agent/workspace/UI_vendor-portal_development/.scannerwork/ucfg2/java
 INFO: Read 0 type definitions
 INFO: No UCFGs have been included for analysis.
 INFO: Sensor JavaSecuritySensor [security] (done) | time=2ms
 INFO: Sensor CSharpSecuritySensor [security]
 INFO: Reading type hierarchy from: /home/jenkins/agent/workspace/UI_vendor-portal_development/ucfg_cs2
 INFO: Read 0 type definitions
 INFO: No UCFGs have been included for analysis.
 INFO: Sensor CSharpSecuritySensor [security] (done) | time=1ms
 INFO: Sensor PhpSecuritySensor [security]
 INFO: Reading type hierarchy from: /home/jenkins/agent/workspace/UI_vendor-portal_development/.scannerwork/ucfg2/php
 INFO: Read 0 type definitions
 INFO: No UCFGs have been included for analysis.
 INFO: Sensor PhpSecuritySensor [security] (done) | time=0ms
 INFO: Sensor PythonSecuritySensor [security]
 INFO: Reading type hierarchy from: /home/jenkins/agent/workspace/UI_vendor-portal_development/.scannerwork/ucfg2/python
 INFO: Read 0 type definitions
 INFO: No UCFGs have been included for analysis.
 INFO: Sensor PythonSecuritySensor [security] (done) | time=0ms
 INFO: Sensor JsSecuritySensor [security]
 INFO: Reading type hierarchy from: /home/jenkins/agent/workspace/UI_vendor-portal_development/.scannerwork/ucfg2/js
 INFO: Read 0 type definitions
 INFO: Reading UCFGs from: /home/jenkins/agent/workspace/UI_vendor-portal_development/.scannerwork/ucfg2/js
 INFO: 15:17:25.823771 Building Runtime Type propagation graph
 INFO: 15:17:25.933184 Running Tarjan on 33385 nodes
 INFO: 15:17:25.970419 Tarjan found 33383 components
 INFO: 15:17:26.03585 Variable type analysis: done
 INFO: 15:17:26.038472 Building Runtime Type propagation graph
 INFO: 15:17:26.162441 Running Tarjan on 33385 nodes
 INFO: 15:17:26.183687 Tarjan found 33383 components
 INFO: 15:17:26.209271 Variable type analysis: done
 INFO: Analyzing 7089 ucfgs to detect vulnerabilities.
 INFO: Taint analysis starting. Entrypoints: 395
 INFO: Running symbolic analysis for 'JS'
 INFO: Taint analysis: done.
 INFO: Sensor JsSecuritySensor [security] (done) | time=19609ms
 INFO: ------------- Run sensors on project
 INFO: Sensor Analysis Warnings import [csharp]
 INFO: Sensor Analysis Warnings import [csharp] (done) | time=1ms
 INFO: Sensor Zero Coverage Sensor
 INFO: Sensor Zero Coverage Sensor (done) | time=4ms
 INFO: CPD Executor 34 files had no CPD blocks
 INFO: CPD Executor Calculating CPD for 556 files
 INFO: CPD Executor CPD calculation finished (done) | time=174ms
 INFO: Load New Code definition
 INFO: Load New Code definition (done) | time=142ms
 INFO: Analysis report generated in 272ms, dir size=9.2 MB
 INFO: Analysis report compressed in 988ms, zip size=6.4 MB
 INFO: Analysis report uploaded in 1333ms
 INFO: ANALYSIS SUCCESSFUL, you can find the results at: [snip]
 INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
 INFO: [snip]
 INFO: Time spent writing ucfgs 1643ms
 INFO: Analysis total time: 1:22.538 s
 INFO: ------------------------------------------------------------------------
 INFO: EXECUTION SUCCESS
 INFO: ------------------------------------------------------------------------
 INFO: Total time: 1:36.939s
 INFO: Final Memory: 367M/1308M
 INFO: ------------------------------------------------------------------------
 [15:17:53] Analysis finished.
 [Pipeline] }
 [Pipeline] // withSonarQubeEnv
 [Pipeline] timeout
 Timeout set to expire in 15 min
 [Pipeline] {
 [Pipeline] waitForQualityGate
 Checking status of SonarQube task 'AYw1aCZRn6J7ZvP3SRFp' on server 'Sonar'
 SonarQube task 'AYw1aCZRn6J7ZvP3SRFp' status is 'IN_PROGRESS'
 SonarQube task 'AYw1aCZRn6J7ZvP3SRFp' status is 'SUCCESS'
 SonarQube task 'AYw1aCZRn6J7ZvP3SRFp' completed. Quality gate is 'OK'
 [Pipeline] sh
 + npm run sonar:check
 
 > vendor-portal@0.0.0-MICROFRONTEND sonar:check /home/jenkins/agent/workspace/UI_vendor-portal_development
 > odk-sonar-check
 
 Sonar Config:
 {
   "options": {
     "sonar.exclusions": {
       "value": [
         "**/karma.conf.js",
         "**/index.ts",
         "**/polyfills.ts",
         "**/*.mock.ts",
         "**/app.init.ts",
         "**/auth-guard.service.ts"
       ],
       "merge": true
     },
     "sonar.typescript.exclusions": {
       "value": [
         "**/karma.conf.js",
         "**/index.ts",
         "**/polyfills.ts",
         "**/*.mock.ts",
         "**/app.init.ts",
         "**/auth-guard.service.ts"
       ],
       "merge": true
     }
   },
   "tests": [
     {
       "metric": "coverage",
       "threshold": 77,
       "desc": true
     },
     {
       "metric": "bugs",
       "threshold": 0
     },
     {
       "metric": "vulnerabilities",
       "threshold": 0
     },
     {
       "metric": "code_smells",
       "threshold": 285
     }
   ]
 }
 Analysis:
 {
   "component": {
     "key": [snip],
     "name": "ui.vendor-portal",
     "description": "No description.",
     "qualifier": "TRK",
     "measures": [
       {
         "metric": "bugs",
         "value": "0",
         "bestValue": true
       },
       {
         "metric": "coverage",
         "value": "80.7",
         "bestValue": false
       },
       {
         "metric": "code_smells",
         "value": "271",
         "bestValue": false
       },
       {
         "metric": "new_bugs",
         "periods": [
           {
             "index": 1,
             "value": "0",
             "bestValue": true
           }
         ],
         "period": {
           "index": 1,
           "value": "0",
           "bestValue": true
         }
       },
       {
         "metric": "vulnerabilities",
         "value": "0",
         "bestValue": true
       },
       {
         "metric": "new_code_smells",
         "periods": [
           {
             "index": 1,
             "value": "0",
             "bestValue": true
           }
         ],
         "period": {
           "index": 1,
           "value": "0",
           "bestValue": true
         }
       },
       null,
       {
         "metric": "ncloc",
         "value": "75181"
       },
       {
         "metric": "alert_status",
         "value": "OK"
       },
       {
         "metric": "new_coverage",
         "periods": [
           {
             "index": 1,
             "value": "95.6",
             "bestValue": false
           }
         ],
         "period": {
           "index": 1,
           "value": "95.6",
           "bestValue": false
         }
       }
     ],
     "time": "Mon, 04 Dec 2023 15:18:45 GMT"
   }
 }
 Quality Gate Details:
 {
   "level": "OK",
   "conditions": [
     {
       "metric": "new_coverage",
       "op": "LT",
       "period": 1,
       "error": "75",
       "actual": "95.6",
       "level": "OK"
     },
     {
       "metric": "coverage",
       "op": "LT",
       "error": "72.9",
       "actual": "80.7",
       "level": "OK"
     },
     {
       "metric": "blocker_violations",
       "op": "GT",
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "bugs",
       "op": "GT",
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "new_blocker_violations",
       "op": "GT",
       "period": 1,
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "new_bugs",
       "op": "GT",
       "period": 1,
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "new_critical_violations",
       "op": "GT",
       "period": 1,
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "new_vulnerabilities",
       "op": "GT",
       "period": 1,
       "error": "0",
       "actual": "0",
       "level": "OK"
     },
     {
       "metric": "vulnerabilities",
       "op": "GT",
       "error": "0",
       "actual": "0",
       "level": "OK"
     }
   ],
   "ignoredConditions": false
 }
4

Hi,

From your followup, I think I see two things going on.

Let’s talk about what’s in the new code. Did something in your code get marked deprecated? Did maybe a library get upgraded (and the new version includes new deprecations)? That would legitimately cause old uses of that newly deprecated code to have “new” deprecation issues raised on them. There’s a little more in this guide

We get occasional reports of this (and we’ve seen it occasionally ourselves), but it’s as hard to track down as bigfoot. If you spot any pattern at all here, we’d love to have the details.

Yeah… that’s been toned down in subsequent versions. Sorry 'bout that.

 
Ann

5

Thanks, that’s helpful. We did add an exclusion (didn’t remove any). The code change was mostly with behavior in our top-level application files (think main.ts, app.component.ts, etc.) I don’t see any commonly used methods that have new signatures or anything.

There were some config changes: strict mode was turned off in our tsconfig.json and we made a number of config changes for Angular (angular.json).

The main update was to convert our Angular build into an Angular Elements web component. So we added/removed various Angular modules. I’d expect the runtime to be pretty different.

But the actual changes to TypeScript files are minimal, especially ones that might be referenced by some of these files with code smells.

6

Hi,

That could explain this:

I believe our TypeScript analysis is pretty sophisticated at this point. I believe swapping around the underpinnings would change how your files are interpreted by analysis.

 
Ann