Shallow clone: how does SonarQube work with analysis dates?

Must-share information (formatted with Markdown):

  • which versions are you using: SonarQube 8.5.1
  • what are you trying to achieve: shallow clone with accurate analysis
  • what have you tried so far to achieve this - none

Recently our CI changed to use a shallow clone for the git repository, and now SonarQube has started to report issues for PRs that were not introduced by the PR. After some research I found it’s mostly caused by the shallow clone: SonarQube can’t get accurate information to determine what code is newly added by each PR.

In this doc: https://docs.sonarqube.org/latest/analysis/scm-integration/ it says that:

  • SCM-driven detection of new code (to help with Clean as You Code). Without SCM data, SonarQube determines new code using analysis dates (to timestamp modification of lines).

So I wonder what is meant by “analysis dates”? Is it possible to use the last analysis date of develop as a baseline to generate reports for each PR, so that it can be more accurate? Is there any configuration I can change to achieve this?

I can see in Administration → Configuration → New Code where the following is selected for Default New Code Behaviour:

Previous version (Default) - The New Code will be based on the analysis following the previous version.

(the other option is Number Of Days which sounds more coarse)

So I wonder what “Previous Version” is here. If it’s the previous version of each PR, how does it work for the very first commit of each PR? And what exactly is meant by “Without SCM data, SonarQube determines new code using analysis dates (to timestamp modification of lines)”?

Thanks!

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.5.1 → 8.9.9 → 9.6 (last step optional)

You may find the Upgrade Guide and the LTS-to-LTS Upgrade Notes helpful. If you have questions about upgrading, feel free to open a new thread for that here.

Note that even after analysis, you won’t get “shallow clone with accurate analysis” for PRs.

Ann

Thanks for the reply. Yes, we’re planning to upgrade the version. Just wondering what “analysis date” it is using in “Without SCM data, SonarQube determines new code using analysis dates (to timestamp modification of lines).”?

Hi,

Yes, without SCM data we use analysis dates.

Ann