Sonar raises old issues on new code analysis

Hi,

First: SonarQube 9.8 Enterprise Edition

Sometimes, project analyses raise issues on old code. We have had this problem for a long time.
And this problem came back last week on different projects.
For example: 2 analyses on the same project at a 3-hour interval.
Between these analyses, only one file has changed: a JavaScript file.
The SonarQube server has not changed (no server update, no conf update, …)

The first analysis finished as PASSED with 0 issues. And the second finished as FAILED with many issues.



We run analyses with a GitLab runner. The CI/CD job launches the commands:

script: 
    - mvn verify 
    - mvn11 sonar:sonar "-Dsonar.projectKey=xxxx-xxxx" "-Dsonar.qualitygate.wait=true"

The result of the second analysis:


We can see above that this issue has existed since March 2018 and was raised only 6 days ago.

I attach to this post the last analysis reports for this project and the configuration of our SonarQube server.

Sorry for my bad English. Thanks for your help.

run_20221024_Passed.txt (52.6 KB)
run_20230130_Failed.txt (49.3 KB)
run_20230130_Passed.txt (52.9 KB)
sonarqube-system-info-92D88F0A-AWmRIUf37tnscMPgq-uu-2023-2-6-10-20.json (16.5 KB)

Hey there.

It looks like in your first build, some dependencies failed to be resolved and that didn’t fail the build.

Downloading from thelem: http://pr.app.picrepo.grsea.priv:8081/repository/public/fr/thelem/upload/piece/upload-piece-service/2.13.1.2-SNAPSHOT/upload-piece-service-2.13.1.2-SNAPSHOT.jar	
Downloading from thelem: http://pr.app.picrepo.grsea.priv:8081/repository/public/fr/thelem/upload/piece/upload-piece-service/2.13.1.2-SNAPSHOT/upload-piece-service-2.13.1.2-SNAPSHOT-tests.jar	
[WARNING] The following dependencies could not be resolved at this point of the build but seem to be part of the reactor:	
[WARNING] o fr.thelem.upload.piece:upload-piece-common:jar:2.13.1.2-SNAPSHOT (compile)	
[WARNING] o fr.thelem.upload.piece:upload-piece-service:jar:2.13.1.2-SNAPSHOT (compile)	
[WARNING] o fr.thelem.upload.piece:upload-piece-dao:jar:2.13.1.2-SNAPSHOT (compile)	
[WARNING] o fr.thelem.upload.piece:upload-piece-service:jar:tests:2.13.1.2-SNAPSHOT (test)	
[WARNING] o fr.thelem.upload.piece:upload-piece-dao:jar:tests:2.13.1.2-SNAPSHOT (test)	
[WARNING] Try running the build up to the lifecycle phase "package"

The logs note later on:

[WARNING] Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.	
[WARNING] Use of preview features have been detected during analysis. Enable DEBUG mode to see them.

SonarQube relies on having the dependencies to perform an accurate scan, and they were missing here. I would recommend not letting your build continue if dependencies are missing.

You can get these issues to be backdated by following a rather sucky workaround.

  • Set an exclusion for the file(s) not backdated properly
  • Set sonar.dbcleaner.daysBeforeDeletingClosedIssues in your project’s Database Cleaner settings to 0, and reanalyze
  • Reanalyze code, removing the files from SonarQube and any issues associated with them
  • Remove the exclusion and reanalyze code. The issues will now be backdated properly.

Or, if there have only been two analyses on the project: delete the project and start over.

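
The advice above to stop the build when dependencies are missing, as an added example (not code from the original posts or from SonarSource): a shell gate for the CI job that reads a saved Maven log, lists the unresolved reactor dependencies, and returns non-zero so that `sonar:sonar` is not run on an incomplete classpath. The function names, the `build.log` file name and the `com.example` coordinates in the sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Hypothetical helpers; the matched strings are the Maven and
# scanner warnings quoted in this thread.

# Print each unresolved reactor dependency once, in order of appearance.
unresolved_deps() {
    awk '
        index($0, "The following dependencies could not be resolved") { in_list = 1; next }
        in_list && (p = index($0, "[WARNING] o ")) {
            dep = substr($0, p + 12)          # text after the "[WARNING] o " bullet
            sub(/[ \t\r]+$/, "", dep)         # logs may carry trailing tabs
            if (!seen[dep]++) print dep       # multi-module builds repeat the list
            next
        }
        { in_list = 0 }                       # any other line ends the list
    ' "$1"
}

# Return 0 if the log is clean, 1 if the analysis would be unreliable,
# 2 if the log cannot be read.
sonar_gate() {
    log_file=$1
    [ -r "$log_file" ] || { echo "cannot read build log: $log_file" >&2; return 2; }
    deps=$(unresolved_deps "$log_file")
    if [ -n "$deps" ]; then
        echo "Unresolved reactor dependencies, not running the analysis:" >&2
        echo "$deps" >&2
        return 1
    fi
    if grep -F -q 'Unresolved imports/types have been detected' "$log_file"; then
        echo "Scanner reported unresolved imports/types; results are unreliable" >&2
        return 1
    fi
    return 0
}

# Constructed sample log (not taken from the attached reports).
sample_log() {
    cat <<'EOF'
[INFO] Scanning for projects...
[WARNING] The following dependencies could not be resolved at this point of the build but seem to be part of the reactor:
[WARNING] o com.example:app-common:jar:1.0-SNAPSHOT (compile)
[WARNING] o com.example:app-dao:jar:tests:1.0-SNAPSHOT (test)
[WARNING] Try running the build up to the lifecycle phase "package"
[INFO] BUILD SUCCESS
EOF
}

# In the CI job (assumed layout):
#   mvn verify > build.log 2>&1 && sonar_gate build.log && mvn11 sonar:sonar ...
```

Running `sonar_gate` a second time on the scanner's own log also catches the "Unresolved imports/types" warning, which only appears during the analysis step.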