SonarCloud Scans Unchanged Files from Different Folders During Pull Request Analysis

Hello SonarCloud Community,

I’ve limited my pull request (PR) pipeline to scan only changes made in a specific folder and run the associated PR validation pipeline. However, during the PR pipeline execution, not only are the changed files from the specified folder scanned, but files that I haven’t modified, which belong to different folders, are also included in the SonarCloud coverage.

Current Setup:

  • Pipeline: Azure DevOps
  • SonarCloud Task:
    • Task: SonarCloudPrepare@2
    • ScannerMode: CLI
    • Sources: Limited to a specific folder using cliSources
  • Pull Request Analysis: Set up to only target specific folders with changed files.

Issue:

  • Even though the changes are limited to files in one folder, SonarCloud is including files from other, untouched folders in the coverage report.

Expected Behavior: SonarCloud should only report on the files changed in the specific folder where changes were made, and exclude the files that weren’t modified from other folders.

Steps Taken:

  • Confirmed that the pipeline sources are limited to the relevant folder.
  • Verified that the .git directory is accessible and PR properties are configured correctly.

Is there any additional configuration needed to ensure that SonarCloud limits its analysis only to the modified files within the specified folder? Any help would be appreciated!

Thanks for your assistance!

Hey there.

Have you made sure to disable shallow cloning?

steps:
- checkout: self
  # Disable shallow fetch
  fetchDepth: 0

Thank you for the suggestion! I wanted to clarify that my repository is a monorepo, containing multiple projects within one repository. This is why the pipeline is set up to run only when there are changes in specific folders relevant to the PR. I am currently using the following checkout step in my PR pipeline:

steps:
  - checkout: git://root/inspect@$(System.PullRequest.SourceBranch)

I understand that switching to checkout: self would ensure full history fetch and .git access, but since this is a monorepo setup, it is critical for me to maintain the ability to target specific folders based on changes. Additionally, I need to make sure the source branch is correctly compared with the dev branch during the PR.

If I switch to checkout: self, will it handle the monorepo structure properly and still allow me to compare the source branch with dev without causing issues with targeting specific folders?

Any further guidance would be appreciated!

I really don’t know enough about Azure DevOps and Git Clone strategies to say, but what’s really important here is the fetchDepth, not the checkout.
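Added example, not part of the thread and not the poster's actual pipeline: `fetchDepth` is a property of the `checkout` step itself, so it can be set on the repository reference quoted above as well as on `checkout: self`. The guard step makes the job fail if the clone is still shallow before the scanner is prepared. The service connection, organization, project key and folder values are placeholders, and the guard assumes a Linux or macOS agent with this single checkout as the working directory.

```yaml
steps:
  # Same repository reference as in the thread, with shallow fetch disabled.
  - checkout: git://root/inspect@$(System.PullRequest.SourceBranch)
    fetchDepth: 0   # 0 = fetch full history

  # Guard: stop before analysis if the working copy is still a shallow clone.
  - bash: |
      set -e
      if git rev-parse --is-shallow-repository | grep -q '^true$'; then
        echo "##vso[task.logissue type=error]Shallow clone detected; set fetchDepth: 0 on the checkout step."
        exit 1
      fi
      echo "Commits available locally: $(git rev-list --count HEAD)"
    displayName: Verify full git history before SonarCloud analysis

  # Scanner preparation as described in the question (CLI mode, sources limited
  # to one folder). All values in angle brackets are placeholders.
  - task: SonarCloudPrepare@2
    inputs:
      SonarCloud: '<service-connection-name>'
      organization: '<organization-key>'
      scannerMode: 'CLI'
      configMode: 'manual'
      cliProjectKey: '<project-key>'
      cliSources: '<folder-to-analyze>'
```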