SonarQube detects Unchanged Classes as New Code

lharzenetter · April 23, 2024, 1:57pm

Must-share information (formatted with Markdown):

SonarQube 10.5 (89998)
how is SonarQube deployed: Docker
what are you trying to achieve: I want to get a correct analysis of new code.
what have you tried so far to achieve this: I configured SonarQube to use my main branch as reference branch, but it still identifies classes that were not changed in a pull request as New Code.

The diff between my branch and the main branch looks like this:

However, SonarQube detects the following as New Code:

We use git and I run the SonarScanner analysis as follows:

dotnet sonarscanner begin /k:"..." \
    /d:sonar.host.url="sonarqube" \
    /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml \
    /d:sonar.scm.provider=git \
    /d:sonar.newCode.referenceBranch=main \
    /d:sonar.token=$SONAR_TOKEN

dotnet publish -c Release --no-restore my.sln

dotnet-coverage collect 'dotnet test --logger:"junit;LogFilePath=dotnet-test-result.xml"' -f xml -o 'coverage.xml'

dotnet sonarscanner end /d:sonar.token=$SONAR_TOKEN

How can I get SonarQube to correctly identify the changed files?

ganncamp · April 24, 2024, 12:46pm

Hi,

Typically when you see old code reported in a pull request, it’s because there was a problem reading the SCM data, which is how analysis determines what’s new. Either that, or the branch being targeted by the PR wasn’t available in the local repository.

If you check the bottom of your analysis log, do you see a message about SCM detection being disabled?

Ann

lharzenetter · April 29, 2024, 9:35am

At the end, it prints smth. like this:

INFO: Parsing the Visual Studio coverage XML report /jenkins-agent/workspace/PR-129/./coverage.xml
INFO: Adding this code coverage report to the cache for later reuse: /jenkins-agent/workspace/PR-129/./coverage.xml
INFO: Coverage Report Statistics: 158 files, 34 main files, 34 main files with coverage, 124 test files, 0 project excluded files, 0 other language files.
INFO: Sensor C# Tests Coverage Report Import [csharp] (done) | time=460ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=13ms
INFO: SCM Publisher SCM provider for this project is: git
INFO: SCM Publisher 8 source files to be analyzed
INFO: SCM Publisher 8/8 source files have been analyzed (done) | time=230ms
INFO: CPD Executor 18 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 28 files
INFO: CPD Executor CPD calculation finished (done) | time=14ms
INFO: SCM revision ID '487...0b'
INFO: SCM writing changed lines
INFO: Merge base sha1: 743...29
INFO: SCM writing changed lines (done) | time=140ms
INFO: Analysis report generated in 258ms, dir size=429.7 kB
INFO: Analysis report compressed in 99ms, zip size=139.9 kB
INFO: Analysis report uploaded in 77ms

The identified commit IDs printed in the log are correctly identified and the branch is cloned as well.

However, sometimes it even does not detect new tests with new coverage: In this example, 359 new lines are discovered and some of them are tested. As you can see, Sonar does not detect the coverage at all, but it loaded the coverage file successfully as shown in the log above.

ganncamp · April 30, 2024, 12:58pm

Hi,

Here’s the important part of that screenshot:

Of the 359 new lines, 0 were seen as coverable. Perhaps they were comment lines, whitespace, or something else, but they weren’t seen by analysis as needing to be covered. But this is getting a bit far afield from the original topic, so if you’d like to pursue this, please create a new thread.

Regarding the initial question of old code being detected as new, when you look at that old-new code in SonarQube and click in the left margin to get the blame data, what do you see?

Ann

lharzenetter · May 2, 2024, 6:13am

It says that the “new code” file has been last changed a month ago (Apr 05th), whereas the current PR was started and opened during the last week. It does not have any changes in those files.

It even identified 2 “Lines to Cover” in an old new Code file that has 100% coverage.

ganncamp · May 2, 2024, 11:48am

Hi,

That’s two entirely different things.

In your PR or in the branch?

E.G.:

Ann

lharzenetter · May 2, 2024, 1:02pm

I see what I wrote, except I got the date wrong, I as at another line earlier:

As you can see on the left, under the folder Common/...Helpers/ nothing was changed but SonarQube detected it as New Code as highlighted in on the right. In addition to that, it detected a 100% coverage of that file and detected two additional lines to cover at the same time.

The author of this old New Code is different from the author of the actual New Code. You can also see, that the revision it was changed in was the revision SonarQube detected as the base in the log of the comment above.

ganncamp · May 2, 2024, 1:15pm

Hi,

I’m not sure what your first screenshot is intended to demonstrate since the two files don’t match. And your second screenshot appears to be of the same, non-matching file.

Ann

lharzenetter · May 2, 2024, 2:27pm

That’s the thing. SonarQube detected this file to be New Code but it is not, as illustrated by the screenshot with the PR on the left. Because SonarQube detected this file as New Code, the code coverage is wrong and fails the PR check.

ganncamp · May 2, 2024, 3:10pm

Hi,

What happens when you check out the code and manually run git blame?

Also, can you share the full analysis log?

Ann

lharzenetter · May 3, 2024, 6:39am

Git blame shows exactly the same. It was last changed on April 19, by m.... in commit id 743...29:

7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000  90)     /// <summary>
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000  91)     ///     LoggerMessage delegate for logging startup errors
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000  92)     /// </summary>
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000  93)     public static readonly Action<ILogger, string, Exception> LogForStartupError =
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000  94)         LoggerMessage.Define<string>(
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000  95)             LogLevel.Error, new EventId(1, "Startup"),
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000  96)             "Startup Error: {Message}");
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000  97)
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000  98)     /// <summary>
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000  99)     ///     LoggerMessage delegate for logging startup information
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000 100)     /// </summary>
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000 101)     public static readonly Action<ILogger, string, Exception> LogForStartupInformation =
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000 102)         LoggerMessage.Define<string>(
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000 103)             LogLevel.Information, new EventId(1, "Startup"),
7435... src/Common/.../Helpers/LogInformation.cs  m...  2024-04-19 13:20:53 +0000 104)             "Startup Information: {Message}");
4cb0... src/Common/.../Helpers/LogInformation.cs  n...  2023-12-12 07:38:09 +0000 105) }

Unfortunately, I cannot share the log as it was already deleted.

ganncamp · May 3, 2024, 3:36pm

Hi,

So Git blame shows exactly what SonarQube does: that the file was updated on 19 April. SonarQube goes by the SCM blame data, and now we know there was no problem in reading it accurately. So the question is why Git thinks the lines were changed on the 19th. And with that, I can’t help you.

Ann

lharzenetter · May 6, 2024, 5:47am

Based on the SCM data, this file is not part of the PR, as shown in the screenshots above. Thus, Git does not think that it is part of the PR.

The question is, why does SonarQube think it is part of the PR?

ganncamp · May 6, 2024, 6:47pm

Hi,

Can you provide your full analysis log? Also, can you verify that the prerequisites are all in place?

Thx,
Ann

lharzenetter · May 14, 2024, 6:16am

Unfortunately, the log is gone. It’s our live development, and was already merged in the meantime which deletes the CI. The prerequisites are all in place.
I will upload a log, when it appears again.

Topic		Replies	Views
Detection of Coverable Lines SonarQube Server / Community Build csharp , sonarqube , coverage	11	251	May 15, 2024
New Code Detection Issue – Unchanged Files Being Flagged as New Code SonarQube Server / Community Build sonarqube	5	84	November 7, 2024
Sonarqube is not detecting new-code correctly SonarQube Server / Community Build new_code	33	1575	August 26, 2024
Sonarqube Scanner detects the existing code as the new code SonarQube Server / Community Build coverage	1	445	June 8, 2023
New code based on reference branch show 0 issues/0 uncovered line after 2nd analysis SonarQube Server / Community Build coverage	4	37	January 21, 2025

SonarQube detects Unchanged Classes as New Code

Related topics