SonarQube scans only the changed lines in a PR analysis and this results in a bug

CoVlado · March 12, 2024, 12:32pm

Hello!

SonarQube 9.9 LTS (Developer edition) deployed via zip.
The default behavior for PR analysis is to scan only the modified lines but there is an use-case where some problems may occur.

from module1 import function1


function1()

Having this code, let’s assume we push a commit where the line in which function1 is imported is removed. Having a new analysis after this commit, I would expect that the line where function1 is called to be flagged with python:S5953 rule but this does not happen.

Is there any setting I could enable to trigger the analysis to happen for the entire file where the change/modification occurred instead of only the modified lines?

So far, I have tried using sonar.scm.forceReloadAll=true but this does not solve the issue.

Thank you!

ganncamp · March 13, 2024, 12:35pm

Hi,

It’s a known issue that PR analysis doesn’t raise new issues on untouched code. There is no setting to change the behavior. We’re aware of the pain this causes, and have felt it ourselves. It’s on our list, but unfortunately the fix is not easy.

Ann

Topic		Replies	Views
How much code is actually scanned during PR analysis? SonarQube Server / Community Build java , pull-request	1	486	August 31, 2021
Pull Request analysis in SonrQube shows issues for untouched files SonarQube Server / Community Build	1	180	September 11, 2023
Old lines detected as changed line during pull request analysis SonarQube Server / Community Build sonarqube , pull-request-decorat	4	476	April 14, 2023
Is it possible to only scan changed lines? SonarQube Cloud	5	1210	September 20, 2023
PullRequest Analysis misses issues SonarQube Server / Community Build	2	417	July 27, 2021

SonarQube scans only the changed lines in a PR analysis and this results in a bug

Related topics