Sonar doesn't detect all "code smells" in PR analysis

Hello,

I am writing to bring to your attention a problem we are encountering with SonarQube.

Upon submitting a Merge Request (MR), we initiate code analysis in Sonar, but unfortunately, it fails to detect any issues. Strangely, after the MR is merged, running the analysis again on the main branch reveals “code smells” in the file that was part of the MR. These code smells should have been detected during the MR analysis stage!

Additionally, sometimes (it feels rather random) analysis of the “main” branch identifies new “code smells” in old code, which are not correlated to the code introduced in the MR.

For your reference, here are the details of our current setup:

  • SonarQube Version: 9.2.4
  • sonar-scanner-cli Version: 5.0.1
  • Deployment Method: Docker

Thank you in advance for your prompt attention to this issue.
Best regards,

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

9.2.4 → 9.9.3 → 10.3 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

If your issue persists after upgrade, please come back to us.