which versions are you using (SonarQube 8.6, Scanner 3.7, Plugin - Maven Sonar scanner, OS - Linux)
what are you trying to achieve: Sonar should report/bugs on New code only
what have you tried so far to achieve this: We have defined New code as “previous version (default)” and we are passing a sequence number for -Dsonar.project.version, so that every build/analysis can be considered as “new code”. But Sonar is not reporting the issues/bugs on my current build/commit alone; it is considering other files or whole lines of code.
How to fix the issue? What parameters do I need to check?
Do I need to check any configuration at the Git level?
This is not a great practice – every time you run an analysis, the definition of what is “new” has changed. If you so much as fix a typo and rebuild, you’ll suddenly reset the New Code Period.
Do you mean SonarQube is reporting old issues as New, or that the scanner performs a full scan of the repository? The first case is something to look into, while the latter is a fact of how SonarQube works – a full scan of the repo is done each time.
This is not a great practice – every time you run an analysis, the definition of what is “new” has changed. If you so much as fix a typo and rebuild, you’ll suddenly reset the New Code Period.
–> Multiple developers are working on the same repo and hit build from multiple developers.
So, to avoid accumulating one developer's issues with other developers' issues, we made each build a new version.
I have modified 4 files and pushed the code to Gerrit, and the Jenkins job got triggered, so I can see 4 file changes in SonarQube. –> This is correct.
But in some cases (not sure which scenario), if I modify 4 files, in addition to the 4 files, I could see extra files in Sonar, say 5 files. I am not sure from where it is considering the 5th file, from a previous commit. Sonar is doing analysis on the 5th file also and reporting issues which are not part of my commit.
It sounds like some of the issues you’re facing would be solved by Branch Analysis which is a part of the Developer Edition of SonarQube and higher – where developers can analyze branches/pull requests focused on the changes they’ve made.