Sonar identifies new problems on old code

Sonarqube Community 9.9 - Sonarqube enterprise 9.9

We have deployed sonarqube community and sonarqube enterprise. We have in each project the specific configuration for a branch. The problem we are having is that in some projects, sonar identifies new issues in files that have not been modified and sonar does not identify that these files have new lines. Therefore, we have new issues in files that have not been modified for a long time. Why is this happening?

in this image, the file has no new lines but has 4 new issues. The last modification of this file is 1 years ago.


Welcome to the community!

It’s entirely possible for legitimately new issues to be raised in old code. For instance, let’s say you update methodA, which couldn’t previously return null, so that it can now return null . Old calls to methodA must now null-check return values before dereferencing. If they don’t, new null pointer issues will legitimately be raised on those old calls.

Another case where new issues can show up on old code is when your analysis configuration changes. Let’s say you remove an exclusion, so that old code that was previously ignored is now analyzed. Those are newly-raised - and legitimately “new” - issues on old code. Or say your analysis configuration changed so that dependencies that were previously unavailable to analysis are now included. Those newly-provided dependencies give a deeper understanding of the code, which allows previously overlooked issues to be newly raised.

You may think that some of these issues should be backdated, but issues are only backdated in certain circumstances. The docs explain how issues are determined to be new, and when they’re backdated.


1 Like