Pull Requests including Extra New Code

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Sonarqube * Enterprise Edition * Version 9.9.2 (build 77730)

  • how is SonarQube deployed: Zip file / sonarqube running as a service

  • what are you trying to achieve
    PR analyses are reporting a much higher count of New Code than is actually included in the PR
    This occurs in select SQ projects only and has only started in the past 10 days.

  • what have you tried so far to achieve this

Reviewing the PRs to confirm changes do not reflect the “New Code” in the SQ analysis.

Comparing the previous configuration of project with current configuration doesn’t seem to show any differences (now with the undesirable behaviour)

Comparing project1 (too much new code included) with project2 (the expected amount of new code included) does include a difference of usage of -Dsonar.pullrequest.base parameter; varyingly used to target master or a team branch, but it’s not consistent.Some analyses have -Dsonar.pullrequest.base=master with the too high new code count and some analyses have -Dsonar.pullrequest.base=master with the accurate count of new code.

Of note as well, that the change in behaviour occurred around the same time as the SQ DB was upgraded. Previously we were running postgresql v11 and now we are running v15. There were no errors reported during the upgrade, but no testing has occurred to confirm if the data was changed. We are unsure if this is a possibility for the source of the new code reporting issue.

There are no flags in any log files on the app server or the build servers that indicate what is ‘wrong’ so I’m hoping the Community may be able to shed some light on what we’re seeing in our various projects.
The expectation is that Sonarqube will include only the new lines of code in the PR, but instead the reports are including code that is NOT in the PR (by the 1000’s of lines). And also why it is not a consistent “target branch decides the new code” result.


We have discovered the source.

It was related to a build-script change back prior to the suspected upgrade date. We have init-vm scripts we run after a new VM is created to prime the gradle caches on the VM. It was updated to build master and X.0XX/release. However it left the local refs for master and X.0XX on the machine.

Then the gradle scanner looks for the current rev of the value of sonar.pullrequest.base. That logic looks at local refs first then origin refs for the branch. All was fine when the local ref wasn’t present. but when it is it will use it. That local ref points to master when the VM was deployed, and never changes.

This was causing the additional lines included in ‘new code’ because the comparison was with a very old base.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.