SonarCloud tagging issues unrelated to PR changes

Hi,

We do local scans in our CI that we then upload to SonarCloud, and lately it has been tagging PRs that make very minor changes, say adding an enum, with hundreds and hundreds of issues:

[image]

The issues are legitimate, but they are historical and being cleaned up in different, specific PRs, not incrementally in every PR.

Rebasing PRs, which causes a fresh scan, fixes it, but we’re struggling to understand why this might be happening.

The only recent change I’m aware of on our end is upgrading the version of Java in our scanning container.

Any ideas?

Thanks in advance,

JimS

Hey there.

What CI are you using, and what strategy are you using to clone the PR? For example – you should avoid shallow clones.

Hello!

Buildkite is our CI orchestrator; all of the actual building happens on-prem.

We make extensive use of our repo’s history in our build process, so we don’t use a shallow clone.

Thanks for the context.

Can you tell me what specific actions you’re taking to rebase the PR that “fixes” the issue? Is this something within your CI, or a command you’re running in a relevant branch? With this info, I think I can pass this on to our developers.

In the PR branch, doing one of the following:

  • git rebase origin/master and then force pushing
  • asking mergify to do it with a @Mergifyio rebase PR comment

The rough idea we have is that consecutive analysis runs on PRs are accumulating differently than before, so then it makes sense that a rebase “fixes” that since it rewrites history and disconnects the PR from previous runs.

Thanks.

As far as SonarCloud is concerned, it shouldn’t be “accumulating” anything – each analysis will result in a brand new set of changed lines/files being reported to SonarCloud that replaces the previous one.

I should have asked before – but it would be helpful to see DEBUG logs (sonar-scanner -X) from a run before and after the rebase.

Thanks, I’ll do that when I get back from vacation!