Sonarcloud raising issues on old code instead of focusing on newly added lines

  • GitHub
  • Github Actions
  • Maintainability rating
  • Python

Hello Sonarcloud team,

I am struggling to have your product adopted in my team because of an annoying quirk of the maintainability rating computation on a PR. It seems that the scanner is raising issues that are in the same function or file as the newly added code, but not part of the newly added code itself. This is frustrating because people don't care about seeing warnings about old stuff they did not introduce, and I honestly understand them. Can I set up the scan to only ever raise issues on lines that have been introduced or modified in the PR?

Many thanks,

This is how it should work.

Can you share your GitHub Actions YML file?

Yes, SonarCloud would comment on a PR from a contributor, but when clicking on the links to issues in that comment, there are some lines that have even been coded by others.

My files are below

*** sonarcloud.yml ***

name: SonarCloud
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  sonarcloud:
    name: SonarCloud
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: SonarCloud Scan
        uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

*** sonar-project.properties ***

sonar.projectKey=double-labs_monorepo
sonar.organization=double-labs
sonar.sources=apps/agent_extension/agent/src/

Thanks for your time!

Hm. Typically this happens when fetch-depth isn’t set to 0, but that’s already the case for your pipeline.

I think it would be useful for you to share your analysis logs (preferably DEBUG level), as well as some screenshots of issues being raised on old code within your PR analysis (ideally a screenshot of the PR diff showing this is indeed old code would be helpful as well).

      - name: SonarCloud Scan
        uses: SonarSource/sonarqube-scan-action@v4
        with:
          # extra scanner arguments; -X turns on DEBUG logging
          args: >
            -X
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
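A quick way to produce the evidence asked for above, independent of the scanner, is to compute the set of added or modified lines straight from the PR's git diff and check each flagged file:line against it. The script below is an added example, not Sonar's code or anything posted in this thread: it parses unified diff output (as produced by `git diff -U0 origin/<base>...HEAD`, with the base branch name left to you) and reports whether a reported issue location falls on new code. The sample diff, the file name `agent.py` under the `sonar.sources` directory from the thread, and the issue list are constructed for the demonstration.

```python
import re
import sys
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample: what `git diff -U0 origin/main...HEAD` might print for a PR
# that touches two spots in an existing file. Not taken from the thread.
SAMPLE_DIFF = """\
diff --git a/apps/agent_extension/agent/src/agent.py b/apps/agent_extension/agent/src/agent.py
index 1111111..2222222 100644
--- a/apps/agent_extension/agent/src/agent.py
+++ b/apps/agent_extension/agent/src/agent.py
@@ -12,0 +13 @@ def run(task):
+    result = task.execute()
@@ -40,2 +41,3 @@ def shutdown(agent):
-    agent.stop()
-    return
+    agent.stop(force=True)
+    agent.flush()
+    return None
"""

# Constructed issue locations as SonarCloud would link them: (path, line).
SAMPLE_ISSUES: List[Tuple[str, int]] = [
    ("apps/agent_extension/agent/src/agent.py", 13),  # on an added line
    ("apps/agent_extension/agent/src/agent.py", 7),   # untouched old code
    ("apps/agent_extension/agent/src/agent.py", 42),  # on a modified line
]

# Hunk header: "@@ -old_start[,old_count] +new_start[,new_count] @@ ..."
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,(\d+))? @@")


def added_lines(diff_text: str) -> Dict[str, Set[int]]:
    """Map each new-side file path to the line numbers the PR added or modified."""
    changed: Dict[str, Set[int]] = {}
    current = None  # path of the file whose hunks we are inside
    new_line = 0    # line number in the new version at the current hunk position
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:]
            current = path[2:] if path.startswith("b/") else path
            changed.setdefault(current, set())
        elif line.startswith(("--- ", "diff --git", "index ", "\\")):
            # file headers and "\ No newline at end of file" carry no line numbers
            continue
        elif line.startswith("@@"):
            match = HUNK_RE.match(line)
            if match is None:
                raise ValueError(f"malformed hunk header: {line!r}")
            new_line = int(match.group(1))
        elif current is None:
            continue
        elif line.startswith("+"):
            changed[current].add(new_line)  # added (or modified) line in new file
            new_line += 1
        elif line.startswith("-"):
            pass  # removed line: consumes no line number on the new side
        else:
            new_line += 1  # unchanged context line (absent when using -U0)
    return changed


def is_new_code(path: str, line: int, changed: Dict[str, Set[int]]) -> bool:
    """True when the issue location sits on a line the PR added or modified."""
    return line in changed.get(path, set())


def triage(issues: Iterable[Tuple[str, int]], diff_text: str) -> Dict[Tuple[str, int], bool]:
    """Label each (path, line) issue as new-code (True) or pre-existing (False)."""
    changed = added_lines(diff_text)
    return {(path, line): is_new_code(path, line, changed) for path, line in issues}


if __name__ == "__main__":
    # Real use: git diff -U0 origin/main...HEAD | python triage_issues.py
    diff_text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    for (path, line), new in triage(SAMPLE_ISSUES, diff_text).items():
        print(f"{path}:{line} -> {'new code' if new else 'pre-existing code'}")
```

Any location that comes back as pre-existing code while SonarCloud lists it as a new issue is exactly the kind of case worth attaching to the thread alongside the DEBUG logs.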