Scanner in PR is giving different metrics than in branches

SonarQube Server / Community Build
,
1

Hello,
I’m using gitlab to scan my project under SonarQube instance.
The source and target branch have same code and same metrics under SonarQube New & Overall code metrics, However when I run a Merge request , the Pull Request in SonarQube is showing lower metrics.
Here is script for branch scan:

  • sonar-scanner -Dsonar.qualitygate.wait=true -Dsonar.projectVersion=$CI_PIPELINE_IID -Dsonar.projectKey=$CI_PROJECT_NAME -Dsonar.host.url=$SONAR_URL -Dsonar.token=$SONAR_TOKEN -Dsonar.projectBaseDir=$CI_PROJECT_DIR -Dsonar.coverage.exclusions=$SONAR_COVERAGE_EXCLUSION -Dsonar.exclusions=$SONAR_EXCLUSION -Dsonar.cpd.exclusions=$SONAR_CPD_EXCLUSION -Dsonar.sources=$CI_PROJECT_DIR -Dsonar.java.binaries=.

Here is script for PR scan:

  • sonar-scanner -Dsonar.qualitygate.wait=true -Dsonar.projectKey=$CI_PROJECT_NAME -Dsonar.host.url=$SONAR_URL -Dsonar.token=$SONAR_TOKEN -Dsonar.projectBaseDir=$CI_PROJECT_DIR -Dsonar.projectVersion=$CI_PIPELINE_IID -Dsonar.coverage.exclusions=$SONAR_COVERAGE_EXCLUSION -Dsonar.exclusions=$SONAR_EXCLUSION -Dsonar.cpd.exclusions=$SONAR_CPD_EXCLUSION -Dsonar.sources=$CI_PROJECT_DIR -Dsonar.java.binaries=. -Dsonar.pullrequest.key=$CI_MERGE_REQUEST_IID -Dsonar.pullrequest.branch=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME -Dsonar.pullrequest.base=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
2

Hi,

Welcome to the community!

Are the code changes in your MR / PR fully covered by tests?

 
Ann

3

Hello,
Thanks for your reply, The code is fully covered only in the source and target branches New code with 100%, however in the overall code we have 70% for both branches .
I understood like the PR is considering all code as new code wich needs the overall code to get higher in the source and target branches as well in order to fit to clean as you code approach in the PR and get passed.

4

Hi,

Assuming that proper SCM metadata is available to analysis, only the code that changed in the PR should be considered new code.

I’m a little confused here, but I suspect I’m not alone in that. :sweat_smile:

To Clean as You Code, you only need to make sure the code you check in today is clean and fully covered. Don’t worry about the overall code in the underlying branches. Making sure your new code is always good means your overall code will gradually improve, organically.

 
HTH,
Ann

5

Hello,
In the source and target branches we have new and overall code metrics.

In the PR we don’t have metrics for new and overall code seperated , what we have is it a calculation and combination in same metrics of new and overall code ?

In source and target branch we have 100% coverage in new code analysis, however in PR we have less.

6

Hi,

PR analysis only provides issues and metrics for what was changed in the PR. I.E. PR analysis is all New Code.

When you look at the lines that show up as uncovered in the PR in SonarQube, are you saying they show up as covered in other places?

 
Ann

7

No this is legacy code which is considered overall code in source and target branches scan, this leads us to say that PR is considering overall and new code from source and target as New code in the PR.
I think that we need to increase the metrics in the source and target branches for overall code before proceeding the PR.

8

Hi,

Again,

So this is likely about the prerequisites.

 
HTH,
Ann

1 Like
9

Thank you @ganncamp for your support.

1 Like