- SonarQube Developer Edition, Version 9.2.4 (build 50792)
- SQ scanner 2.8.1 (NPM package: sonarqube-scanner)
- GitHub Enterprise Server 3.4.6
Context
Note: My team recently added the SonarQube scanner as a CI/CD step to check our PRs in our GH repository and it is quite possible that we configured something wrong.
Issue: When scanning our pull request branches, SonarQube unexpectedly includes bugs found in the master branch in the resulting analysis of each PR. Those bugs (from the main branch) have nothing to do with the code in the specific PR (literally the PR changes don’t even touch those bug files).
Interesting aspects:
- This issue happens periodically (in about 80% of cases),
- Usually it includes 1-2 (recently found) bugs from the main branch (but not all. Note: we have around ~200 bugs in the main branch in total).
Current behavior: The Quality Gate CI/CD check fails and blocks our PR merge due to irrelevant bugs found in the main branch and included in the scan analysis of the individual PR (feature branch).
Expected Result: SonarQube scan analysis of our PRs should be free of irrelevant bugs from the main branch.
SQ scanner settings:
- sonar.pullrequest.base = “main”;
- sonar.pullrequest.branch = <<branchName>>
- sonar.pullrequest.key = <<branchKey>>
Thanks so much in advance