[SonarCloud] Sonar analysis missed a bug detection on PR


We have an Android (Kotlin) project with multiple modules. When running the analysis on a PR, we only include the changed module (considering the analysis time).

And we found that a bug was missed by the analysis and entered the repo. We think this bug (kotlin:S3923) should be able to be detected since it only relates to this 1 file, and of course there is a change in this file.

We just realized that the bug entered the repo when we ran the full scan (and saw this bug as newly added to the repo). When I checked on the Sonar’s PR analysis dashboard, the module was analyzed. Do you know why it could happen?

For the Sonar analysis, we are using sonar scanner for Gradle, 3.3.

Thank you.


Could you share the analysis log (the stdout output from the analysis command)?


Hi Ann,

Here is the log.

Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.	
Missing blame information for the following files:	
  * explore/explore_impl/src/main/java/com/android/explore/framework/ExploreFeatureFlagDelegate.kt	
  * explore/explore_impl/src/main/java/com/android/explore/di/ExploreComponent.kt
This may lead to missing/broken features in SonarCloud	
File '/Users/vagrant/workspace/ka-Android_pull-request_PR-20202/explore/explore_impl/src/main/java/com/android/explore/landing/ExploreLandingActivity.kt' was detected as changed but without having changed lines	
File '/Users/vagrant/workspace/ka-Android_pull-request_PR-20202/explore/explore_impl/src/main/java/com/android/explore/di/ExploreComponent.kt' was detected as changed but without having changed lines

Thank you.


Thanks for the logs. They pinpoint the problem precisely.

In PR analysis, we only raise issues found in New Code. Without SCM information, we can’t correctly detect what’s “new”, so it’s expected that you’ll have this sort of problem. In fact, the log itself warns you quite explicitly:



Noted. Thank you for the assistance.
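
A CI guard for the failure mode discussed in this thread, as an added example that is not part of the original posts or of SonarSource's tooling: it scans a saved scanner log for the three warnings shown in the posted log and fails the job when SCM data was incomplete, so a PR analysis that could not see "new" lines does not pass silently. The function names and the sample log (built from the lines posted above, with the workspace path shortened) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print one line per SCM gap found in a scanner log file ($1):
#   shallow-clone | no-blame <path> | no-diff <path>
scm_gaps() {
    awk '
        /Shallow clone detected/ { print "shallow-clone" }
        /^Missing blame information/ { in_list = 1; next }
        in_list && /^[ \t]*\* / {
            sub(/^[ \t]*\* /, ""); sub(/[ \t]+$/, "")
            print "no-blame " $0; next
        }
        { in_list = 0 }
        /was detected as changed but without having changed lines/ {
            split($0, q, "\047")      # path sits between the single quotes
            print "no-diff " q[2]
        }
    ' "$1"
}

# Gate: return 1 (and report on stderr) when the log shows incomplete SCM data.
check_sonar_scm_log() {
    gaps=$(scm_gaps "$1")
    if [ -n "$gaps" ]; then
        printf 'PR analysis ran without full SCM data:\n%s\n' "$gaps" >&2
        return 1
    fi
    return 0
}

# Constructed sample: lines from the log posted above, workspace path shortened.
sample_log() {
    cat <<'EOF'
Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
Missing blame information for the following files:
  * explore/explore_impl/src/main/java/com/android/explore/di/ExploreComponent.kt
This may lead to missing/broken features in SonarCloud
File '/ws/explore_impl/src/main/java/com/android/explore/di/ExploreComponent.kt' was detected as changed but without having changed lines
EOF
}

tmp=$(mktemp) && sample_log > "$tmp"
check_sonar_scm_log "$tmp" || echo "gate would fail this build"
rm -f "$tmp"
```

In a pipeline, the scanner's stdout would be saved to a file and passed to `check_sonar_scm_log` after the analysis step; the fix for a failing gate is the one the log itself names, `git fetch --unshallow`, run before the scanner.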