Pull request - Quality gate new code not being scanned

Hi,

We’re using:

  • SonarQube Developer Edition 8.9.7
  • GitHub
  • Google Cloud Platform
  • Maven
  • Java 1.8

Issue in short: when we update a pull request and create an issue, this issue is not reported by SonarQube on the pull request.

Scenario:

  • we create a branch from the master
  • we create a pull request from this branch to the master
  • we introduce, for testing purposes, a high severity issue

The new code is not visible in the code tab.


The arguments passed:
mvn sonar:sonar -P sonarscanner -Dsonar.analysis.buildNumber=$BUILD_ID -Dsonar.analysis.commitSha=$COMMIT_SHA -Dsonar.qualitygate.wait=true -Dsonar.pullrequest.branch=$BRANCH_NAME -Dsonar.pullrequest.base=master -Dsonar.pullrequest.key=$_PR_NUMBER -Dsonar.projectKey=com.snapengage:snapengage -Dsonar.organization=default-organization -Dsonar.language=java -Dsonar.binaries=build/classes -Dsonar.scm.revision=$(git rev-parse --abbrev-ref HEAD) -Dsonar.verbose=true -X;

In the logs, it shows “SCM reported 0 files changed in the branch” and the Merge base hash is pointing to the commit of the Pull request branch.

I added -Dsonar.scm.revision=$(git rev-parse --abbrev-ref HEAD) after checking a similar issue here, but that hasn’t worked.

Please let us know what needs to be changed in order to get this working.

Best regards,
Akshay

Hi Akshay,

Welcome to the community!

Could you provide your full analysis log (text, not screenshot) starting from the analysis command?

 
Thx,
Ann

Hi Ann,

The logs contain sensitive information, so I would prefer to share the full analysis log privately. Can you provide an email ID to which I can send the logs?

Akshay

Hi Akshay,

Feel free to redact the sensitive information.

 
Ann

Hi Ann,

Please find the full analysis log with debug enabled:
Sonarqube_qualityGate.zip (777.3 KB)

Best regards,
Akshay

Hi Akshay,

The log is nearly 300k lines. Can you narrow it down for me with the name of the file where you introduced the missing issue?

 
Ann

Based on the logs in the original post, it looks like the scanner is not detecting any changed code with git.

Could you check if the merge base sha1 that is in the logs is correct? And that the diff between the sha1 being analyzed and the merge base sha1 is not empty?
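
The check asked for in the last reply, as an added example that is not part of the original thread: it computes the merge base git sees for the pull request, optionally compares it with the hash copied from the scanner log, and counts the files that differ from the analyzed commit. The function names, status strings and the throwaway sample repository are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check the merge base and the diff the
# way the last reply asks. Function names and arguments are assumptions.

# check_pr_diff <repo> <base_ref> <head_ref> [merge_base_from_scanner_log]
# Prints one summary line; returns 0 = ok, 1 = problem found, 2 = ref missing.
check_pr_diff() {
  cpd_repo=$1; cpd_logged=${4:-}
  cpd_head=$(git -C "$cpd_repo" rev-parse --verify --quiet "${3}^{commit}") \
    || { echo "status=head-not-found"; return 2; }
  cpd_base=$(git -C "$cpd_repo" rev-parse --verify --quiet "${2}^{commit}") \
    || { echo "status=base-not-found"; return 2; }
  cpd_mb=$(git -C "$cpd_repo" merge-base "$cpd_base" "$cpd_head") \
    || { echo "status=no-merge-base"; return 2; }
  # Files that differ between the merge base and the analyzed commit.
  cpd_n=$(git -C "$cpd_repo" diff --name-only "$cpd_mb" "$cpd_head" | wc -l | tr -d ' ')
  if [ -n "$cpd_logged" ] && [ "$cpd_logged" != "$cpd_mb" ]; then
    cpd_status=logged-merge-base-differs
  elif [ "$cpd_mb" = "$cpd_head" ]; then
    # Symptom from the original post: merge base is the PR commit itself.
    cpd_status=merge-base-is-head
  elif [ "$cpd_n" -eq 0 ]; then
    cpd_status=empty-diff
  else
    cpd_status=ok
  fi
  echo "merge_base=$cpd_mb head=$cpd_head changed=$cpd_n status=$cpd_status"
  [ "$cpd_status" = ok ]
}

# Constructed sample input: a throwaway repo with master and a one-commit PR branch.
make_sample_repo() {
  msr_dir=$(mktemp -d) || return 1
  msr_git() { git -C "$msr_dir" -c user.name=demo -c user.email=demo@example.invalid \
    -c commit.gpgsign=false "$@"; }
  git init -q "$msr_dir" && msr_git symbolic-ref HEAD refs/heads/master \
    && echo base > "$msr_dir/A.java" && msr_git add A.java \
    && msr_git commit -q -m base \
    && msr_git checkout -q -b feature \
    && echo change >> "$msr_dir/A.java" && msr_git commit -q -am change \
    && echo "$msr_dir"
}

# Usage on a real checkout: sh check_pr_diff.sh . master HEAD [logged_sha]
if [ "$#" -ge 3 ]; then check_pr_diff "$@"; fi
```

A `status=base-not-found` result means the base branch ref does not exist in the build's checkout, so the comparison cannot be made from that clone.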