SonarQube scans only the changed lines in a PR analysis and this results in a bug


SonarQube 9.9 LTS (Developer edition) deployed via zip.
The default behavior for PR analysis is to scan only the modified lines, but there is a use case where some problems may occur.

from module1 import function1


Having this code, let’s assume we push a commit where the line in which function1 is imported is removed. Having a new analysis after this commit, I would expect the line where function1 is called to be flagged with the python:S5953 rule, but this does not happen.

Is there any setting I could enable to trigger the analysis to happen for the entire file where the change/modification occurred instead of only the modified lines?

So far, I have tried using sonar.scm.forceReloadAll=true, but this does not solve the issue.

Thank you!


It’s a known issue that PR analysis doesn’t raise new issues on untouched code. There is no setting to change the behavior. We’re aware of the pain this causes, and have felt it ourselves. It’s on our list, but unfortunately the fix is not easy.
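
Added example (not part of the original thread and not SonarQube functionality): since PR analysis raises issues only on changed lines, a separate whole-file check run over the files a PR touches can catch a use left behind when its import is removed. The function name `undefined_names`, the flat-scope approximation and the two sample sources are assumptions made for this sketch.

```python
import ast
import builtins
import sys

def undefined_names(source):
    """Return sorted (line, name) pairs for names read but never bound in the file.

    Simplification (assumption of this sketch): all bindings are pooled into one
    flat scope, and match-statement captures are not modelled.
    """
    bound = set(dir(builtins)) | {"__file__", "__name__", "__doc__"}
    loads = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            for alias in node.names:
                if alias.name == "*":
                    return []  # star import: cannot be decided statically
                bound.add(alias.asname or alias.name.split(".")[0])
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            bound.add(node.name)
        elif isinstance(node, ast.arg):
            bound.add(node.arg)
        elif isinstance(node, ast.ExceptHandler) and node.name:
            bound.add(node.name)
        elif isinstance(node, (ast.Global, ast.Nonlocal)):
            bound.update(node.names)
        elif isinstance(node, ast.Name):
            if isinstance(node.ctx, ast.Load):
                loads.append((node.lineno, node.id))
            else:
                bound.add(node.id)  # Store/Del context binds the name
    return sorted((line, name) for line, name in loads if name not in bound)

# Constructed samples: the file before and after the import line is removed.
BEFORE = "from module1 import function1\nresult = function1()\nprint(result)\n"
AFTER = "result = function1()\nprint(result)\n"

if __name__ == "__main__":
    # Usage: pass the paths of the files changed in the PR; non-zero exit on findings.
    failed = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as handle:
            for line, name in undefined_names(handle.read()):
                print(f"{path}:{line}: undefined name {name!r}")
                failed = True
    sys.exit(1 if failed else 0)
```

The check reads each file in full, so the untouched call line is reported even though only the import line changed.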