Sonarqube is identifying as "new code" other changes besides the ones done on a given branch

gcastanheiro · April 17, 2023, 4:53pm

I want to have sonarqube analysing my PRs, and this is happening successfully.
However, Sonarqube is identifying as “new code” other changes besides the ones done on a given branch.
For example, I create a new branch from the master branch (up-to-date), commit a single change, push and create the PR, and when the sonarqube analysis runs, it identifies other changes that were already present on the master branch. I want only the PR changes to be considered as “new code”.
I the “New Code” settings, for project I’m using the master branch as the reference branch, and for the master branch itself I’m using “previous version” setting. Note that I am not providing any projectVersion in the sonarqube properties.

I’m triggering the sonarqube analysis from jenkins script, and all my sonarqube properties are set on a gradle file.

What am I doing wrong?

Thanks!

ganncamp · April 18, 2023, 4:12pm

Hi,

Welcome to the community!

Is this a PR analysis or a Branch analysis?

And are there any warnings about SCM data in your analysis log?

The analysis / scanner log is what’s output from the analysis command. This guide will help you find them.

Ann

gcastanheiro · April 18, 2023, 5:25pm

Hi,

Thank you so much!

It SHOULD be a PR analysis, as I wanted for the “new code” to be the commits done only on the PR, and not all the commits that might happen from merging the updated master into the PR’s branch.
But I’m not sure what it IS. What info can I provide you in order to answer this?

These are the logs I found (following the guide you provided):

2023-04-18T18:14:00.079+0100 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor JaCoCo XML Report Importer [jacoco]
2023-04-18T18:14:01.262+0100 [INFO] [org.sonarqube.gradle.SonarQubeTask] Importing 1 report(s). Turn your logs in debug mode in order to see the exhaustive list.
2023-04-18T18:14:01.262+0100 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Reading report '/Users/gcastanheiro/StudioProjects/myPerfectApp/app/build/reports/jacoco/jacocoTestReport/jacocoTestReport.xml'
2023-04-18T18:14:01.580+0100 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1500ms
2023-04-18T18:14:01.580+0100 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor Kotlin Sensor [kotlin]

I did find other logs, but I don’t know if they are helpful, or impact here.

[2023-04-18T09:35:15.563Z] Could not find ref 'master' in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin

Thank you!

ganncamp · April 18, 2023, 5:40pm

Hi,

Can you provide the full analysis log?

Thx,
Ann

gcastanheiro · April 20, 2023, 11:29am

Hi Ann,

Thank you for your help!
Apparently, I figured out what I was doing wrong.
The problem was that I was running sonarqube for the commits on the PRs only; I started running it for the merges into the master branch as well (providing a projectVersion), and now the “new code” is correctly identified, as it contains only the changes performed on that PR (without other commits from merging and updated master branch into the PR branch).

Sorry for my mess up, and thank you for your support!
Gonçalo