Sonarcloud raising issues on old code instead of focusing on newly added lines

AlexTwinLabs · December 10, 2024, 2:30pm

GitHub
Github Actions
Maintainability rating
Python

Hello Sonarcloud team,

I am struggling to have your product adopted in my team because of an annoying quirk of the maintainability rating computation on a PR. It seems that the scanner is raising issues that are in the same function or file as the newly added code, but not part of the newly added code itself. This is frustrating because people don’t care about seeing warnings about old stuff they did not introduce, and I honestly understand them. Can I setup the scan to only ever raise issues on lines that have been introduced or modified in the PR ?

Many thanks,

Colin · December 11, 2024, 8:59am

This is how it should work.

Can you share your GitHub Actions YML file?

AlexTwinLabs · December 11, 2024, 4:17pm

Yes SonarCloud would comment on a PR from a contributor, but when clicking on the links to issue on that comment, there are sone lines that have even been coded by others.

My files are below

*** sonarcloud.yml ***

name: SonarCloud
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  sonarcloud:
    name: SonarCloud
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: SonarCloud Scan
        uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

*** sonar-project.properties ***

sonar.projectKey=double-labs_monorepo
sonar.organization=double-labs
sonar.sources=apps/agent_extension/agent/src/

Thanks for your time !

Colin · December 11, 2024, 4:21pm

Hm. Typically this happens when fetch-depth isn’t set to 0, but that’s already the case for your pipeline.

I think it would be useful for you to share your analysis logs (preferably DEBUG level, as well as some screenshots of issues being raised on old code within your PR analysis (ideally a screenshot of the PR diff showing this is indeed old code would be helpful as well)

      - name: SonarCloud Scan
        uses: SonarSource/sonarqube-scan-action@v4
        args: >
          -X
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Topic		Replies	Views
Old code suddenly being treated as new code SonarQube Cloud	5	271	March 20, 2024
Sonar cloud shows very old bugs on new PR SonarQube Cloud sonarqube-cloud	3	424	June 4, 2021
SonarCloud scan showing hundreds of New Errors on Old Code all of a sudden from previously-scanned code SonarQube Cloud scanner , sonarqube-cloud	1	385	September 27, 2021
Old Code PR issue is reflecting on New code PR SonarQube Server / Community Build sonarqube , scanner , android	3	625	February 1, 2023
Is it possible to only scan changed lines? SonarQube Cloud	5	1192	September 20, 2023

Sonarcloud raising issues on old code instead of focusing on newly added lines

Related topics