Sonarqube commit and pull request analysis explanations

SonarQube Server / Community Build
1
  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    9.9
  • how is SonarQube deployed: zip, Docker, Helm
    Pod
  • what are you trying to achieve
    Understand exaclty what :
  • sonarqube analysis standard and sonarqube analysis pull request do
  • which difference between them when we have set same “new code reference” branch.

So, we have standard and MR analysis configured like this :
New Code Reference is configured as specific branch ‘develop’

Standard analysis
sonar.branch.name=$BITRISE_GIT_BRANCH
sonar.newCode.referenceBranch=develop

PR analysis
sonar.pullrequest.key=$BITRISE_PULL_REQUEST
sonar.pullrequest.branch=$BITRISE_GIT_BRANCH
sonar.pullrequest.base=$BITRISEIO_GIT_BRANCH_DEST

What we want is to solve sonar errors that appear after merge and not at comit/Mr analysis.
Several people had read all the doc releated to analysis or new code but it’s not clear, there is a lack of precise information.

Regards,

2

Hey there.

Can you give some examples of issues that appear after merge that didn’t appear in the pull request?

3

Hello,

There are some issues like
Reduce the number of conditional operators (5) used in the expression (maximum allowed 3)

This issue has not been detected at commit and merge request analysis but after merge on reference branch.
This issue is detected on all new branch created from this reference branch (after merge).

4

Thanks.

  • Are other issues raised in the pull requests in question?
  • Can you share the code which didn’t raise this issue in the pull request compared to the one that did in the branch after it was merged? A screenshot would be fine here.
5

I can’t share it at this moment but i will.

However, we encounter another problem with commit sonar analysis and issue detection:

  • we create a feature branch from reference branch pointed on commit(#A)
  • we push a new commit(#B) on this feature branch
  • Sonar detect some issue → it’s ok
  • we push a new commit(#C) on this feature branch withtout solve these issues
  • Sonar does not (re)detect issues from commit (#B) but only new issues introduced between commit(#B) and commit(#C).
6

Is it possible the issues are falling into the Overall Code tab, or are they gone from the Issues tab entirely?

7

yes these issues appear in overall code.
The problem is quality gate are computed according to new code.

8

It sounds like maybe your New Code Period is being updated every analysis to only include the changes from the last analysis. How is your new code definition defined for the project?

9

New code is defined as “reference branch”