Languages of the repository: PHP, JavaScript/TypeScript
Error observed:
When we previously released our software (via a pull request from a release branch to the main branch) the SonarCloud scan picked up issues only dating back to October 2023. This seems correct for ‘new code’.
This release, the SonarCloud scan has picked up issues dating back to 2017. There are obviously a lot more issues in that time range, which caused the quality gate to fail.
We use ‘Previous Version’ as the definition for new code, and that hasn’t been changed between these two releases.
Does anyone know of any levers we might have bumped to cause this? Or could it be a problem with SonarCloud itself?
This sounds like a problem determining what code is new. Analysis uses SCM blame data to understand which code is new and which is old. If you check your analysis, you’ll probably see indications of that toward the end.
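To make "blame data decides what is new" concrete, here is an added example, not SonarCloud code and not a description of how the analyzer itself implements the check: a small Python script that parses `git blame --line-porcelain` output for one file and labels each line old or new relative to a cutoff timestamp, which is the manual version of the question "what does the SCM say was touched since the previous version?". The sample blame output, the commit SHAs, author names and timestamps are constructed for the example; the helper `_record` only builds that sample.

```python
"""Label lines of a file as new/old from `git blame --line-porcelain` output.

Added example (not SonarCloud/SonarSource code). It shows what SCM blame
data exposes per line: the commit and author timestamp that last touched it.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# A porcelain header: <40-hex sha> <orig line> <final line> [<lines in group>]
HEADER_RE = re.compile(r"^(?P<sha>[0-9a-f]{40}) (?P<orig>\d+) (?P<final>\d+)(?: \d+)?$")


@dataclass
class BlameLine:
    line_no: int            # line number in the current (final) file
    sha: str                # commit that last touched the line
    author_time: datetime   # author timestamp of that commit, UTC
    content: str            # the source line itself


def parse_line_porcelain(text: str) -> list[BlameLine]:
    """Parse --line-porcelain output: every line carries a full header,
    key/value lines follow, and the content line is prefixed with a tab."""
    lines: list[BlameLine] = []
    sha, final, author_time = None, None, None
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            sha, final, author_time = m["sha"], int(m["final"]), None
            continue
        if raw.startswith("\t"):
            if sha is None or author_time is None:
                raise ValueError("content line before a complete header")
            lines.append(BlameLine(final, sha, author_time, raw[1:]))
            sha = None
            continue
        key, _, value = raw.partition(" ")
        if key == "author-time":
            author_time = datetime.fromtimestamp(int(value), tz=timezone.utc)
    return lines


def classify(blame_lines: list[BlameLine], cutoff: datetime) -> dict[int, str]:
    """A line is 'new' if its last-touch commit is at or after the cutoff."""
    return {b.line_no: ("new" if b.author_time >= cutoff else "old") for b in blame_lines}


def new_lines_since(text: str, cutoff_iso: str) -> list[int]:
    """Line numbers considered new relative to an ISO-8601 cutoff with offset,
    e.g. the commit date of the previous release ('2023-10-01T00:00:00+00:00')."""
    cutoff = datetime.fromisoformat(cutoff_iso)
    return sorted(n for n, s in classify(parse_line_porcelain(text), cutoff).items() if s == "new")


# --- constructed sample data (not real commits) -----------------------------
def _record(sha, line_no, ts, author, summary, content, group=None):
    head = f"{sha} {line_no} {line_no}" + (f" {group}" if group else "")
    mail = author.lower().replace(" ", ".") + "@example.com"
    return "\n".join([
        head, f"author {author}", f"author-mail <{mail}>", f"author-time {ts}",
        "author-tz +0000", f"committer {author}", f"committer-mail <{mail}>",
        f"committer-time {ts}", "committer-tz +0000", f"summary {summary}",
        "filename src/legacy.php", "\t" + content,
    ])


OLD_SHA = "1a2b3c4d" * 5          # made-up 40-hex ids
NEW_SHA = "9f8e7d6c" * 5
T_2017 = 1491004800               # 2017-04-01T00:00:00Z
T_2023 = 1700000000               # 2023-11-14T22:13:20Z

# A 4-line file imported in 2017 where only line 3 was edited in 2023.
SAMPLE_BLAME = "\n".join([
    _record(OLD_SHA, 1, T_2017, "Old Dev", "Initial import", "<?php", group=2),
    _record(OLD_SHA, 2, T_2017, "Old Dev", "Initial import", "function legacy($in) {"),
    _record(NEW_SHA, 3, T_2023, "New Dev", "Escape output", "    return htmlspecialchars($in);", group=1),
    _record(OLD_SHA, 4, T_2017, "Old Dev", "Initial import", "}", group=1),
]) + "\n"


if __name__ == "__main__":
    for cutoff in ("2023-10-01T00:00:00+00:00", "2017-01-01T00:00:00+00:00"):
        print(cutoff, "->", new_lines_since(SAMPLE_BLAME, cutoff))
```

With the cutoff at October 2023 only line 3 is new; with a cutoff older than the 2017 import every line of the file is new. Against a real checkout, feed `git blame --line-porcelain -- path/to/file` into `new_lines_since` with the date of the commit or tag the previous version points at; if that baseline resolves much further back than you expect, the blame-based view alone would already explain a sudden jump from a few months of new code to years of it.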
So based on that, if someone made a small change in an old file that hasn’t been touched for a while, would that possibly bring the whole file into scope for Sonar analysis? Or should it only include the changed lines/sections?
Sorry to be specific here, but regarding “PR analysis is limited to only those files that have changed”: does that mean that if I change one line in an old file that hasn’t been touched for a while, and create a PR for that, then Sonar will analyze the entire file that I have changed and raise issues in that file? Or will it only raise issues for the line that I changed?