Sonar Scan[EE] shows different scan results for branch and PR

Hi Team

We are using SonarQube Enterprise Edition 8.9.3. I have a query regarding a certain behaviour. Consider the below scenario.

  1. Created a feature branch called sonar-integration from staging branch of the project xxx.

  2. Added sonar scan code (only) in Jenkinsfile and pushed the changes.

  3. Now build ran, qualified the QG.

  4. I created a PR w.r.t sonar-integration branch towards staging.

  5. PR build runs, executes sonar scan and the QG fails this time.

CI - Jenkins
Remote Repos - GitHub
Project Configuration is default.



Hi,

Welcome to the community!

I guess the question is “Why?” :smiley:

Depending on your project-level New Code Period settings, your first analysis of a new branch will likely always pass the Quality Gate. Your first analysis is acting as a baseline - compare all new analyses to this. You expected all the code added/updated since the branch point to be automatically detected as “new” but for that you’d need to set the reference branch.

Probably what you want to consider is taking the setting applied at project level and applying it specifically to the main branch. Then I believe you can set the project-level New Code Period to using the main branch as a reference.

As to why the QG correctly failed for the PR, it works differently there. For PRs the New Code Period is automatically set to changes since the branch point.

 
HTH,
Ann