SonnarQube don't detect Old Issues (Fixed) as New Issues

SonarQube Server / Community Build
,
1

Summary

Hi, I have experimented that issues that are identical to previously fixed ones (same file, same lines, same content) are not categorized as New Code but instead fall under Overall Code, causing the Quality Gate to pass.

Would this be considered expected behavior, or is it a bug? Any clarification would be appreciated.

Steps to Reproduce

  1. Initial Scan:
  • Introduce a new issue in the code.
  • The Quality Gate fails, correctly detecting it as a New Code issue.
  1. Fix Implementation:
  • Remove the problematic code to fix the issue.
  • SonarQube detects the fix and removes the issue as expected.
  1. Issue Reintroduction:
  • Create a new version of the code.
  • Reintroduce the exact same issue (same file, same lines, same content).
  • Unexpected Behavior: The Quality Gate passes instead of failing.
  • The issue is detected but categorized under Overall Code instead of New Code.

Expected Behavior

The reintroduced issue should be treated as New Code, triggering a Quality Gate failure, regardless of whether it previously existed in an earlier version.

This behavior only occurs when the reintroduced issue is identical to the previously fixed one (same location and content).

Environment

  • SonarQube Edition: Community
  • Version: v25.1.0.102122
  • Deployment: Docker
2

Hi,

This is working as designed.

When you fix the issue in code, it’s marked Closed. Closed issues are deleted from the DB after 30 days.

Up until that point, if exactly the same issue (file, line, rule, message) is detected, it will be reopened.

Why? This is a failsafe put in place to guard against (mis)configuration changes accidentally wiping out swathes of issues. Let’s say you edit your exclusions to omit one directory, but accidentally omit - recursively - its parent two steps above & everything under that. * Boom * all the issue triaging you’ve done (comments, assignments, FPs &etc) is gone. With this failsafe in place, if you fix your configuration in a reasonable timespan, you can recover your work.

 
HTH,
Ann