We are using SonarQube 7.6 version and mainly to scan C# and .Net projects.
We did set up multiple projects successfully and also able to scan the project to see various bugs, vulnerabilities and code smell being reported.
But the issue we see is when we ran the Sonar scan on the same project without changing anything on the same, it is weird that this time we are seeing “NEW” Bugs/Vulnerabilities/Code smell reported on the same code which is not modified since ages. Attaching the image of the same here.
Also if these are being reported as new issues, why only specific issues and not all of them? We are using default C# Quality Profile and changed Quality Gate according to our project needs.
Could you please let us know if we are missing some unknown configuration/administration setting/tweak which is the probable reason behind this.