Sonar is reporting new issues on source files that have not been modified for months


You didn’t say this is in a PR, but it’s still worth noting that typically when you see issues on old code reported in a pull request, it’s because there was a problem reading the SCM data, which is how analysis determines what’s new. Either that, or the branch being targeted by the PR wasn’t available in the local repository.

If you check the bottom of your analysis log, do you see a message about SCM detection being disabled?

Additionally, there are very legitimate reasons “new” issues show up in old code, as described in this guide.