Pull Request analysis contains old/existing issues from the Main/Master branch

  • SonarQube Developer Edition, Version 9.2.4 (build 50792)
  • SQ scanner 2.8.1 (NPM package: sonarqube-scanner)
  • GitHub Enterprise Server 3.4.6

Context

Note: My team recently added the SonarQube scanner as a CI/CD step to check our PRs in our GH repository and it is quite possible that we configured something wrong.

Issue: When scanning our pull request branches, SonarQube unexpectedly includes bugs found in the master branch in the resulting analysis of each PR. Those bugs (from the main branch) have nothing to do with the code in the specific PR (literally the PR changes don’t even touch those bug files).

Interesting aspects:

  • This issue happens periodically (in about 80% of cases),
  • Usually it includes1-2 (recently found) bugs from the main branch (but not all. Note: we have around ~200 bugs in the main total).

Current behavior: Quality Gate CI/CD check fails and blocks our PR merge due to irrelevant bugs found in the main branch and included in the scan analysis of individual PR (feature branch).

Expected Result: SonarQube scan analysis of our PRs should be free of irrelevant bugs from the main branch.

Screenshots:



SQ scanner settings:

  • sonar.pullrequest.base = “main”;
  • sonar.pullrequest.branch = <<branchName>>
  • sonar.pullrequest.key = <<branchKey>>

Thanks so much in advance

  • It looks like your analysis has 2 warnings (in the upper right of your project dashboard). What are they?
  • Where are you running your SonarQube analysis (which CI/CD pipeline platform are you using?)
1 Like
  • CircleCI
  • Warnings: (the code that has bugs in the main branch definitely has blame information (i can see this info partially on the 2 screenshot)
    Screen Shot 2022-09-15 at 1.44.25 AM

Thanks.

I would suggest two things:

  • Check the scanner logs (in CircleCI) like it recommends, any warnings?
  • The latest version of SonarQube is v9.6v9.2 is pretty dated at this point (and at any given time, only the latest version of a non-LTS version is supported). An upgrade would put you at the best starting point for troubleshooting.