SonarQube scans files that have not changed in the Azure DevOps Pull Request (new code = Ref branch)

Hi,

We’re using SonarQube Server v2025.1 (102418) with Azure DevOps and the latest Azure Extension 7.1.1.

New code is defined as Reference branch (master), so we want to analyze only the files that have changed between the branch and master.

When we modify only one file in a Pull Request, SonarQube correctly scans that file and adds comments for the issues in it:

But at the bottom of the Pull Request, we have 8 comments and we have this error message for the files that are not part of the PR:

This file no longer exists in the latest pull request changes. It may have been moved or deleted. View the comment in its original context.

We don’t understand why it scans this file as it has not changed in the branch and the Pull Request?

We took one issue on a file that has not changed and opened this file from the PR in SonarQube Code for this PR; we can see here that the file is detected as new code. Then we opened the same file from master and compared the two versions: they are identical!! We did the same with the file that has changed in the PR and we can see the changes!!

Same file but detected as new code:

This is our Azure pipeline:

parameters:
- name: 'NugetVersion'
  type: string
- name: 'SolutionName'
  type: string
- name: 'SonarProjectKey'
  default: ''
  type: string
- name: 'SonarExclusion'
  default: ''
  type: string

steps:
- task: NuGetToolInstaller@1
  displayName: 'Use NuGet ${{ parameters.NugetVersion }}'
  inputs:
    versionSpec: ${{ parameters.NugetVersion }}
- task: NuGetCommand@2
  displayName: 'NuGet restore'
  inputs:
    feedsToUse: config
    nugetConfigPath: ./nuget.config
    externalFeedCredentials: 'Telerik Nuget Feed'
- task: SonarQubePrepare@7
  displayName: 'Sonar Prepare Analysis'
  inputs:
    SonarQube: 'SonarQube Gu'
    projectKey: ${{ parameters.SonarProjectKey }}
    projectVersion: '$(Nuget.Version)'
    extraProperties: |
     sonar.exclusions=${{ parameters.SonarExclusion }}
- task: VSBuild@1
  displayName: 'Build solution ${{ parameters.SolutionName }}'
  inputs:
    solution: '${{ parameters.SolutionName }}.sln'
    platform: 'any cpu'
    configuration: 'Release'
    maximumCpuCount: true
- task: DotNetCoreCLI@2
  displayName: 'Tests'
  inputs:
    command: test
    projects: '**/*Test*.csproj'
    arguments: '-c Release --logger trx --no-build --collect "Code Coverage"'
    publishTestResults: true
- task: SonarQubeAnalyze@7
  displayName: 'Sonar Code Analysis'
- task: SonarQubePublish@7
  displayName: 'Sonar Quality Gate Result'

Is it a bug? What is wrong with our configuration?

Thanks for support

Hi,

Welcome to the community!

Detection of new code relies on SCM metadata, so I believe this is about the SCM metadata that’s available in your environment for analysis to read.

Can you make sure the prerequisites are in place?

It’s important to distinguish how PR analysis works versus the use of a reference branch.

When you define a reference branch, it’s in the context of the branch it’s being defined on. E.G. main is the reference branch for develop.

But PR analysis will “reference” the branch the PR targets, regardless of any reference branch settings in SonarQube.

 
HTH,
Ann

Hi,

Thank you for the clarification but we followed the exact steps as your Azure DevOps Integration | Mapping your organization with SonarQube

I can’t understand why it keeps scanning files outside of files changed in the Pull Request and also why we get this error message?

This file no longer exists in the latest pull request changes. It may have been moved or deleted. View the comment in its original context.

We tried many ideas to solve this issue but can’t understand why it keeps scanning files outside of the PR.

We have the latest version of Sonar Server and Azure DevOps Extension.

Thanks for support

Hi,

This isn’t about your integration configuration. It’s about your checkout.

 
Ann
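
The last reply points at the checkout rather than the integration settings. As an added example (not part of the thread and not Sonar's code), this shell function reports what SCM metadata a checkout actually contains before the analysis step runs. That a shallow clone or a missing target branch ref is the gap is an assumption, as are the function name `check_scm_metadata` and the ref name `origin/master`.

```shell
#!/bin/sh
# Added example (not from the thread): check the SCM metadata in a checkout
# before the scanner runs. Ref names such as origin/master are assumptions.

check_scm_metadata() {
  repo_dir=$1     # path to the checked-out work tree
  target_ref=$2   # branch the PR targets, e.g. origin/master (assumed name)

  # No git metadata at all: nothing for the scanner to read.
  if ! git -C "$repo_dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    echo "FAIL: $repo_dir is not a git work tree"; return 4
  fi

  # A shallow clone has truncated history, so the point where the PR branch
  # diverged from its target may not be present.
  if [ "$(git -C "$repo_dir" rev-parse --is-shallow-repository)" = "true" ]; then
    echo "FAIL: shallow clone, history is truncated"; return 1
  fi

  # The target branch must exist as a ref in this checkout.
  if ! git -C "$repo_dir" rev-parse --verify --quiet "${target_ref}^{commit}" >/dev/null; then
    echo "FAIL: target ref $target_ref not present"; return 2
  fi

  # HEAD and the target must share history for a diff to be meaningful.
  if ! base=$(git -C "$repo_dir" merge-base HEAD "$target_ref"); then
    echo "FAIL: no common ancestor between HEAD and $target_ref"; return 3
  fi

  echo "OK: merge-base $base; files changed since it:"
  git -C "$repo_dir" diff --name-only "$base" HEAD
  return 0
}

# Run as: sh check_scm.sh <repo_dir> <target_ref>
if [ "$#" -eq 2 ]; then
  check_scm_metadata "$1" "$2"
fi
```

In Azure Pipelines the history depth of the checkout is set with `fetchDepth` on the `checkout` step; `fetchDepth: 0` fetches full history.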