Pull Request analysis bringing old/existing issues

SonarQube 7.9.1 LTS
GitHub Enterprise 2.20.5
Jenkins 2.222.1 LTS

I am using SonarQube PR decoration with GitHub Enterprise. I have noticed that the PR analysis brings some old issues (already reported on base branch) and reports them as ‘New’. What is the reason?

Scenario:

  • Changed a file in PR and added a few lines of code
  • PR analysis shows the new findings in those lines correctly, also assigns them to the PR author (No issues here)
  • But it also brings up old issues in PR analysis, and since it could not detect the author (rightly so - because the code was not changed), it does not assign those issues to anyone

No SCM detection issues in the PR analysis log.

Issues reported by PR analysis:

Same issues were already reported in base branch:

Hi,

Not having an author for the issues in the P/R makes me think maybe the scanner failed to detect SCM information. Could you open the file in SonarQube and see if there is blame information (click on the bar at the left of the line to see it)? Do you have the logs of the scanner for that pull request?

Hi @dmeneses, as I mentioned earlier there was no problem with SCM detection. Files which were changed were correctly detected and blame information was available. Issues coming out of changed code were also correctly assigned to author.
Problem is that PR analysis also brings up old issues, and since it could not detect the author (probably because code did not even change), it does not assign those issues to anyone. What I am trying to figure out is why did old issues come up as new in PR analysis?

Attaching log: ConsoleLogPR138.txt (15.7 KB)

Got it.
If old issues are appearing in the P/R it means that SonarQube wasn’t able to match those issues with the existing issues in its target branch.

It’s strange that they aren’t assigned, because the fact that the code hasn’t changed where the issues are located doesn’t play a role in the detection of the author. It should be based on the SCM blame and that’s why I asked about the SCM blame information. There is a difference between detection of changes in the P/R using the SCM and the detection of the SCM blame.

I can see that the issues in master were created “last month” while the new unassigned ones have a creation date of 2 months ago. This is strange and again indicates that the SCM blame might be wrong.

Correct. Any clues as to what is causing this and how to fix this?

Could you check if the blame information is correct around one of the issues in the pull request and also in master?
You can click on the left bar next to any line to see it - see example below.

Yes, both pull request analysis and master have the correct blame information.

So the line where the issue is located has an older blame date in the pull request compared to the same line in master? Could you share the logs of the scanner for the pull request analysis with debug enabled?

Unfortunately, because of this issue, I had to delete the project from SonarQube, thus the entire scan history is gone. I am not able to recreate the issue now.