Hi, I’m using SonarQube Enterprise Edition 9.9 LTA. I’m running static scans twice a month using the SonarQube GitHub Actions workflow. My project is an Ant-based Java project, and I’m not setting any sonar.projectVersion property in my workflow. My question is regarding the lines of code discrepancy in my project.
So far three scans have run for my project. The first time there was no new code in the project’s dashboard, and the overall vulnerabilities were 15. The third scan gave out 50 vulnerabilities, and the lines of code have also more than doubled. I did not change my scan configs across all three scans. Could you please explain why my LOC and vulnerability counts have increased, or why these items were not picked up in the first scan but only in the third scan?