Sonarcloud raising issues on old code instead of focusing on newly added lines

AlexTwinLabs · December 10, 2024, 2:30pm

GitHub
Github Actions
Maintainability rating
Python

Hello Sonarcloud team,

I am struggling to have your product adopted in my team because of an annoying quirk of the maintainability rating computation on a PR. It seems that the scanner is raising issues that are in the same function or file as the newly added code, but not part of the newly added code itself. This is frustrating because people don’t care about seeing warnings about old stuff they did not introduce, and I honestly understand them. Can I setup the scan to only ever raise issues on lines that have been introduced or modified in the PR ?

Many thanks,

Colin · December 11, 2024, 8:59am

This is how it should work.

Can you share your GitHub Actions YML file?

AlexTwinLabs · December 11, 2024, 4:17pm

Yes SonarCloud would comment on a PR from a contributor, but when clicking on the links to issue on that comment, there are sone lines that have even been coded by others.

My files are below

*** sonarcloud.yml ***

name: SonarCloud
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  sonarcloud:
    name: SonarCloud
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: SonarCloud Scan
        uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

*** sonar-project.properties ***

sonar.projectKey=double-labs_monorepo
sonar.organization=double-labs
sonar.sources=apps/agent_extension/agent/src/

Thanks for your time !

Colin · December 11, 2024, 4:21pm

Hm. Typically this happens when fetch-depth isn’t set to 0, but that’s already the case for your pipeline.

I think it would be useful for you to share your analysis logs (preferably DEBUG level, as well as some screenshots of issues being raised on old code within your PR analysis (ideally a screenshot of the PR diff showing this is indeed old code would be helpful as well)

      - name: SonarCloud Scan
        uses: SonarSource/sonarqube-scan-action@v4
        args: >
          -X
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Topic		Replies	Views
Is it possible to only scan changed lines? SonarQube Cloud	5	1146	September 20, 2023
Sonar detecting old code smells as new on PR decoration SonarQube Cloud sonarqube-cloud	9	769	September 1, 2023
Unable to integrate automatic PR comments for newly changed code using SonarCloud SonarQube Cloud sonarqube-cloud	7	23	December 18, 2024
Issues in Old Code switch between 'Fixed' and 'Open' and are counted as 'Issues in New Code' SonarQube Server / Community Build java , sonarqube , scanner , coverage , new-code	8	22	November 22, 2024
Github actions check stopped working unexpectedly? SonarQube Cloud	21	3512	January 6, 2021

Sonarcloud raising issues on old code instead of focusing on newly added lines

Related topics