- Azure DevOps Git Repo
- Azure DevOps YAML Pipeline
- Java project using Gradle Scanner Plugin
- The checkout stage is doing fetchDepth: 0
I’ve got an issue which I’m seeing mainly on one of our projects which is similar to this thread:
Extra Issues highlighted on lines with no code change
Although for me it is on the main branch scans, not the Pull Requests as in the linked thread. There is lots of discussion still going on in that thread, so I didn’t want to chip in with my not directly related issue.
The issue I’m seeing is that our main branch had a few issues highlighted when we first scanned it and we resolved these. The scan correctly showed the issues at zero, but then a few scans later more issues were present. Sometimes this has been after merging a PR that reported no issues and sometimes just scanning the exact same commit that came before it. The lines with the reported errors have not been changed, and in the issue list it shows this by saying “1 year ago” next to some of them. This date does line up with when the issue was introduced.
To look at fixing it I’ve tried a few things. One of the discrepancies I noticed was that when we first onboarded the project, we tested it out on a branch other than main and main hadn’t yet been created. I admit that must be a strange scenario for normal operation, having a PR to merge to main but there being no scan in main to compare with.
To address this I deleted the Sonar Project and then created it again with a different key and made sure main was the first branch scanned. This highlighted quite a few old issues so I thought that was the key to fixing it and we’ve carried on.
When we then merged in the PR which brought our issues back to zero, it only stayed at zero for one more scan. That same commit was then re-scanned and 199 issues popped up; as no change was made between these two scans, they are all on existing code.
What does stand out for this one (and I can’t be sure if the same was true for the other occurrences) is that these new issues are all on unit test code.