Running a Quality Scan against an OpenSource application with no code changes results in 2 different "code smells" metric values, randomly

Details:

  • versions used
    SonarQube OpenSource Version 6.7.5 (build 38563)

  • error observed (wrap logs/code around triple quote ``` for proper formatting)
    Scanning the same application (I use the OpenSource Spring PetClinic), scanned using Maven, results in a different metric value (Code smells) at random. It is either 7 or 67 (see picture). This makes it really hard to build a quality gate in Jenkins or GitLab CI. No code change is done.

```shell
# Host, port and token come from the CI environment
./mvnw sonar:sonar -Dsonar.host.url=http://$SONAR_HOST:$SONAR_PORT -Dsonar.login=$SONAR_TOKEN
```

  • steps to reproduce
    Take an open-source application (e.g. Spring PetClinic) and launch a Sonar scan against it in GitLab CI multiple times.

  • potential workaround
    Not known

Hi,

Your screenshot shows that every single analysis has a Quality Profile event. One of

  • Use ‘Sonar way’ (XML)
  • Stop using ‘Sonar way’ (XML)

Since it doesn’t supply an alternate XML profile to use, it looks like the inclusion of XML in your analysis is toggling. The question is why. Are you making any settings changes between analyses (maybe exclusions)? Any changes to the parameters that are/are not passed in on the command line?

Also, can you share analysis logs? Perhaps one of each?

Ann
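The reply above points at the Quality Profile events as the thing to inspect. Rather than reading them off a screenshot, the same events can be pulled from the server's `api/project_analyses/search` web service and checked for a profile that keeps being enabled and disabled between analyses. The script below is an added example written for this thread, not code from either poster or from SonarSource: the JSON payload is a constructed sample that mirrors the response shape of that endpoint (analyses newest first, each carrying a list of events with a `category` and a `name`), and the project key, host and token used in the live-fetch helper are placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request
from typing import Dict, List, Tuple

# Constructed sample in the shape of GET api/project_analyses/search on a
# SonarQube 6.x server. Keys, dates and event names are made up to mirror
# the thread (XML profile toggling on and off); this is not real server data.
SAMPLE_ANALYSES = {
    "paging": {"pageIndex": 1, "pageSize": 100, "total": 4},
    "analyses": [
        {"key": "a4", "date": "2018-11-10T10:40:00+0000",
         "events": [{"key": "e4", "category": "QUALITY_PROFILE",
                     "name": "Stop using 'Sonar way' (XML)"}]},
        {"key": "a3", "date": "2018-11-10T10:20:00+0000",
         "events": [{"key": "e3", "category": "QUALITY_PROFILE",
                     "name": "Use 'Sonar way' (XML)"}]},
        {"key": "a2", "date": "2018-11-10T10:00:00+0000",
         "events": [{"key": "e2", "category": "QUALITY_PROFILE",
                     "name": "Stop using 'Sonar way' (XML)"}]},
        {"key": "a1", "date": "2018-11-10T09:40:00+0000",
         "events": [{"key": "e1", "category": "VERSION", "name": "2.0.0"},
                    {"key": "e0", "category": "QUALITY_PROFILE",
                     "name": "Use 'Sonar way' (XML)"}]},
    ],
}


def profile_events(payload: dict) -> List[Tuple[str, str]]:
    """Return (analysis date, event name) for every QUALITY_PROFILE event,
    oldest first. The API lists analyses newest first, so they are reversed."""
    out: List[Tuple[str, str]] = []
    for analysis in reversed(payload.get("analyses", [])):
        for ev in analysis.get("events", []):
            if ev.get("category") == "QUALITY_PROFILE":
                out.append((analysis["date"], ev["name"]))
    return out


def flapping_profiles(events: List[Tuple[str, str]],
                      threshold: int = 2) -> Dict[str, int]:
    """Count 'Use ...' / 'Stop using ...' events per profile label and keep the
    labels that changed at least `threshold` times; a profile that is switched
    on in one analysis and off in the next shows up here."""
    counts: Dict[str, int] = {}
    for _, name in events:
        for prefix in ("Stop using ", "Use "):
            if name.startswith(prefix):
                label = name[len(prefix):]
                counts[label] = counts.get(label, 0) + 1
                break
    return {label: n for label, n in counts.items() if n >= threshold}


def fetch_analyses(host: str, project_key: str, token: str,
                   page_size: int = 100) -> dict:
    """Fetch the analyses (with their quality-profile events) from a live server.
    The token is sent as the Basic-auth username with an empty password, the
    same convention the scanner uses for sonar.login. Not run in the sample."""
    query = urllib.parse.urlencode({"project": project_key,
                                    "category": "QUALITY_PROFILE",
                                    "ps": page_size})
    req = urllib.request.Request(f"{host}/api/project_analyses/search?{query}")
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Offline run over the constructed sample. For a real server, replace with
    # fetch_analyses("http://sonar.example:9000", "my:project-key", "TOKEN")
    # (host, key and token are placeholders, not values from the thread).
    events = profile_events(SAMPLE_ANALYSES)
    for date, name in events:
        print(date, name)
    print("flapping:", flapping_profiles(events))
```

If a profile label comes back from `flapping_profiles`, the next thing to compare is what differs between the CI jobs that produced neighbouring analyses: the `sonar.*` properties actually passed on the command line or in `pom.xml`, and any exclusions or language settings changed on the server in between, which is exactly what the reply asks about.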