I am using SonarQube 8.2 for analysing a Java project. The project has a class which has not been changed for years and the class has a critical issue that hasn’t been fixed.
During the new code period which is roughly started a week ago, I made the specific class I mentioned before to be a final Class in a topic branch and that was the only change. Just added
final keyword. Now the SonarQube is showing the old critical issue as a new issue. This issue is a null pointer dereference issue because of using a null check in an external library which sonar does not recognize.
And more problems came when creating a pull request from the branch that I have made class final as pull request analysis didn’t report any issue. After merging pull request since pull request analysis didn’t report any issue, the same issue reported in the topic branch was reported in the main branch. So my questions are
- Why SonarQube detect an old issue as a new issue when changing class to final?
- Why the issue is not reported in pull request analysis?
Any explanation regarding this is much appreciated