Sonar Scanner not picking up a code smell


I’m having some problem with SonarQube to capture this code smell that I introduced to my code plugins/backend/src/myFile.ts

Change added on the PR

let j = 0;

for (let i = 0; i < 10; j++) { // Noncompliant

// ...



The file shows to be capture on the analisys according to the following SonarScan execution


22:56:53.288 DEBUG: 'plugins/backend/src/myFile.ts' generated metadata with charset 'UTF-8'
22:56:53.289 DEBUG: 'plugins/backend/src/myFile.ts' indexed with language 'ts'
22:57:29.881 DEBUG: Cache entry extracted for key 'js:filemetadata:'
22:57:29.882 DEBUG: Cache strategy set to 'WRITE_ONLY' for file 'plugins/backend/src/myFile.ts' as the current file is changed
22:57:29.882 DEBUG: Analyzing file: file:///app/plugins/backend/src/myFile.ts
22:57:29.884 DEBUG: Analyzing file "/app/plugins/backend/src/myFile.ts" with linterId "unchanged"
22:57:29.932 DEBUG: Cache entry created for key 'jssecurity:ucfgs:SEQ:' containing 1 file(s)
22:57:29.934 DEBUG: Cache entry created for key 'jssecurity:ucfgs:JSON:'
22:57:29.934 DEBUG: Cache entry created for key 'js:filemetadata:'
22:57:35.821 DEBUG: Detection of duplications for /app/plugins/backend/src/myFile.ts
22:57:35.853 INFO: CPD Executor CPD calculation finished (done) | time=149ms
22:57:35.874 DEBUG: SCM revision ID '25a1cf898cd12738ab6b45600906c92b4788570a'
22:57:36.021 INFO: SCM writing changed lines
22:57:36.030 INFO: Merge base sha1: a801abfd2a75a544af59959a892bae4050b94d91
22:57:36.031 DEBUG: SCM reported changed lines for 0 files in the branch
22:57:36.031 INFO: SCM writing changed lines (done) | time=10ms
22:57:36.042 INFO: Analysis report generated in 175ms, dir size=269.1 kB
22:57:36.412 INFO: Analysis report compressed in 370ms, zip size=196.4 kB
22:57:36.413 INFO: Analysis report generated in /app/.scannerwork/scanner-report
22:57:36.413 DEBUG: Upload report
22:57:36.451 DEBUG: POST 200 | time=37ms
22:57:36.455 INFO: Analysis report uploaded in 42ms
22:57:36.457 DEBUG: Report metadata written to /app/.scannerwork/report-task.txt
22:57:36.457 INFO: ANALYSIS SUCCESSFUL, you can find the results at:
22:57:36.457 INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
22:57:36.457 INFO: More about the report processing at
22:57:36.462 DEBUG: Post-jobs :
22:57:36.478 DEBUG: eslint-bridge server will shutdown
22:57:41.480 DEBUG: eslint-bridge server closed
22:57:41.480 INFO: Time spent writing ucfgs 176ms
22:57:42.244 INFO: Analysis total time: 1:09.568 s
22:57:42.247 INFO: ------------------------------------------------------------------------
22:57:42.247 INFO: ------------------------------------------------------------------------
22:57:42.247 INFO: Total time: 1:17.718s
22:57:42.431 INFO: Final Memory: 115M/408M
22:57:42.431 INFO: ------------------------------------------------------------------------

When I go to to check my PR analysis, I see that all pass and it does not flags the Code Smell.

  • What am I missing here?
  • Should I see something else on the logs to guarantee a code smell was found?
  • How would be the best way to trace the problem down?

Thanks for your support :slight_smile:


Welcome to the community!

The first thing to look at is what code is marked new in your PR. Only issues on those ‘new’ lines will be reported.

And no new lines were found here:

So that’s the underlying problem. Can you make sure the prereqs are in place?


1 Like

Thanks for your response ganncamp but I can’t manage to get the scanner to pick up my file.

I did set my in this way


And my file follows the following structure

   - app 
      - plugins
         - backend
            - src
               - myFile.ts

Looks it should be picked by the execution, but the log still the same

SCM reported changed lines for 0 files in the branch

Am I missing something?



This isn’t about your analysis properties, but about your checkout.

Explicitly, and from the docs I linked above:

make sure that:

  • The pull request source branch is checked out in the local repository.
  • The branch being targeted by the pull request is fetched and present in the local repository.
  • The analysis is being run on a local repository with valid repository metadata (e.g. the .git folders have not been removed). Avoid any attempt at previewing the merge or actions involving your main branch.
  • The code in the local repository matches the code in the remote repository (e.g once a PR is issued, no code is added to the local branch on the CI side before analysis).


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.