SonarQube scans code change (delta) for pull request incorrectly

Let’s discuss what you have in mind!

Try to describe the problem or opportunity you are seeing and why it matters. The closer you stick to this topic template, and the more information you provide, the better chance you have to generate a real discussion.

A few questions to help you:

  • What are you trying to accomplish? Sonar scan for differential code change for a pull request would not scan the whole scope (maybe the method or function where code changes happened) and would allow it to merge to the remote master of SCM.
  • Why does this matter to you? Sonar analyzing the whole scope would stop any bugs or code smells from entering master, which is not happening. It is because of this behavior that SonarQube later shows bugs or code smells for the overall repository.
  • How would that look in SonarQube? Alternatives? NA
  • How would we know it works well? The code change block in total (entire scope) should be analyzed so that the master branch does not have bugs upon code merge.
  • Why should it be a priority now? Priority 1 as all PRs are impacted

Make sure to check out our product roadmap as well, to see if your need is already being considered.

I found one similar thing out there without any resolution.
Pull request analysis clean, analysis after merge finds issues - SonarQube - Sonar Community (sonarsource.com)

Hi Ravi,

Welcome to the community!
Can you give me more details about the issues that are not detected in your PRs?

Chris


Line 241 was added during the PR and Sonar scanned it to green, which clearly shows that the whole scope of the variable was not considered during the scan.
As soon as the change was merged to master, Sonar started to show the same method as a bug because at line 244, it would return null for one scenario.

Any response is appreciated.

Thanks for the details, Ravi.
It looks like a detection issue, more than a need that is not yet fulfilled by the product.
I removed the “Product Manager for a Day” tag so that someone else can jump in and can try to help you.

Chris

Thanks, Chris, for reaching out. As I mentioned in the screenshot above, while scanning for new code Sonar did let the code merge (as can be seen at line #241) instead of taking the whole if loop into the scan and stopping the merge to master because null was not handled in the code.
Once the merge was completed and the master scan was run, the same if loop started to show a bug regarding the same, which can be seen in the screenshot above.

I am still facing this issue. Can I get any help?