Some new development branch issues are not reported in pull-request scan

Sonar Enterprise Version 10.3 (build 82913)
Running in Virtual Machine

We are using clean-as-you-code and using pull-request analysis to catch problems on development branches and fix them prior to merge to parent branch (typically master). Unfortunately we are finding there is a class of issues that are not being reported in pull-request analysis and get introduced on the parent branch when the changes are merged. The following rules have this behavior and I suspect this can occur with any ‘unused’ issue such as unused variables or private fields.

  1. java:S1128 (Unused imports)
  2. java:S1144 (Unused private methods)

An example of this type of problem would be to remove all references to a private method ‘foo()’ but not change the method ‘foo()’ definition. After merge to master the method ‘foo()’ will be newly reported as an instance of the ‘java:S1144’ rule.

I believe this occurs because the origin of the error is part of unchanged code on the development branch but the error was triggered from changes elsewhere in the source file.

Ideally if changes that are part of a pull-request generate a new issue, that issue should be reported in the analysis even if the lines where that new issue is reported were not changed.

Is there any way to catch this type of problem on the development branch prior to merge to parent branch?


Hi @tdennler,

This is a known limitation of PR analysis - detection of new code as described in Pull request analysis & SonarQube.

In certain contexts, this problem can be very penalizing for development teams. We get around it by performing a complete analysis of the PR as if it were a branch, to the detriment of performance. You can also double your complete analysis with a PR analysis to get the decoration. Quality Gate must then be applied to the complete analysis.

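The case described in the question, modelled as an added example (not code from the posts above and not SonarQube's analyzer): a regex heuristic finds imports and private methods that lose their last reference in a PR, then checks whether their declaration lines fall outside the lines the PR changed. The Java sample, the function names and the diff-based definition of "changed lines" are assumptions made for illustration.

```python
import difflib
import re

# Constructed sample: parent-branch version of a Java file.
BASE = """\
import java.util.List;
import java.util.Map;

class Report {
    private int foo() { return 1; }

    int total(List<Integer> xs) {
        return foo() + Map.of().size() + xs.size();
    }
}
"""
# Constructed PR version: only line 8 changes; the declarations stay untouched.
HEAD = BASE.replace("foo() + Map.of().size() + ", "")

# Heuristic only: captures the simple name of an import or a private method.
DECL = re.compile(r"^\s*(?:import\s+[\w.]+\.(\w+)\s*;|private\s+[\w<>\[\], ]+?\s+(\w+)\s*\()")

def unused(src):
    """Map line number -> name for declarations with no other mention in the file."""
    lines = src.splitlines()
    found = {}
    for no, line in enumerate(lines, 1):
        m = DECL.match(line)
        if m:
            name = m.group(1) or m.group(2)
            rest = "\n".join(l for i, l in enumerate(lines, 1) if i != no)
            if not re.search(rf"\b{re.escape(name)}\b", rest):
                found[no] = name
    return found

def changed_lines(base, head):
    """Line numbers in head that a diff against base marks as added or modified."""
    sm = difflib.SequenceMatcher(None, base.splitlines(), head.splitlines())
    return {j + 1 for tag, _, _, j1, j2 in sm.get_opcodes()
            if tag in ("replace", "insert") for j in range(j1, j2)}

def hidden_from_pr(base, head):
    """New 'unused' findings in head whose declaration line the PR did not touch."""
    old_names = set(unused(base).values())
    touched = changed_lines(base, head)
    return sorted((no, name) for no, name in unused(head).items()
                  if name not in old_names and no not in touched)
```

On the sample, the only changed line is 8, while the new findings sit on lines 2 and 5, which is why a report limited to changed lines shows nothing until the merge.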