- ALM used - GitLab
- CI system used - GitLab
We run a Sonarcloud scan in CI both as part of our merge request pipelines and also on the main branch of our repository.
Currently the Sonarcloud scan is failing on the main branch of our repository.
One of the issues which is failing the sonar quality gate starting 24th July is a vulnerability in a file.
As our quality gate requires there to be no vulnerabilities, this means the scan in the main branch CI pipeline is failing.
However, looking in GitLab I can see that the file containing this vulnerability was last merged into the main branch on 26th June, and in this merge pipeline no issues were found.
Does anyone know why this issue is not being found in the Sonarcloud scan merge request pipeline, or in subsequent Sonarcloud scans in pipelines run on the main branch, but is appearing so long after the change to the file was merged into the main branch? Is it related to the change in version of the codebase?