Must-share information (formatted with Markdown):
- which versions are you using SonarQube 8.5.1
- what are you trying to achieve: shallow clone with accurate analysis
- what have you tried so far to achieve this - none
Recently our CI has changed to use shallow clone for git repository, now SonarQube starts to report issues for PRs that are not introduced by the PR, after some research I found it’s mostly caused by shallow clone that SonarQube can’t get accurate information to determine what code is newly added by each PR.
In this doc: https://docs.sonarqube.org/latest/analysis/scm-integration/ it says that:
- SCM-driven detection of new code (to help with Clean as You Code). Without SCM data, SonarQube determines new code using analysis dates (to timestamp modification of lines).
So I wonder what does it mean by “analysis dates”? Is it possible, to use the last analysis date of develop as baseline, to generate reports for each PR, this way it can be more accurate. Is there any configuration I can change to achieve this?
I can see in Administration → Configuration → New Code where the following is selected for Default New Code Behaviour:
Previous version (Default) - The New Code will be based on the analysis following the previous version.
(the other option is Number Of Days which sounds more coarse)
So I wonder what “Previous Version” is here, if it’s the the previous version of each PR, how does it work for the very first commit of each PR? And what exactly does it mean by “Without SCM data, SonarQube determines new code using analysis dates (to timestamp modification of lines)”?
Thanks!