We have a client running SonarQube Server Enterprise Edition 2025.1 LTA. We have recently analyzed a project that raised 82 new issues in what SonarQube considers “new code”, despite the project having 0 lines of new code, and despite the commits where those issues were detected dating back to 2023 or earlier.
25 days ago, we updated a custom Java rules plugin they have, but these rules were not affected in any way, nor was this particular Quality Profile updated.
The issues are raised as new, not backdated. This indicates that SonarQube didn’t see them as being the result of a SonarQube version update (they would have been backdated in that case.)
That means they were newly found for the first time in that analysis 25d ago. Can you list what rules raised issues? And how frequently is this project analyzed? And what’s the new code definition?
Because the issues in the list about using deprecated methods are easily explained away depending on analysis frequency and new code setting: the method in question was deprecated, then what’s considered “new” got updated. Then, 25d ago, an analysis ran.
Similarly, the unused variable and perhaps useless assignment issues can be explained by deleted code. Unfortunately, we’ve never had a good way to reflect deletions. But if the only use of the variable was deleted, there’s certainly “0 new lines” tied to the change, but a legitimately new issue. The same if the use of the new value in cd_tipo was deleted.
The Cognitive Complexity issue is a little harder to explain away unless there was a code change before ‘new code’ was reset, and then the analysis happened after.