SonarScanner CLI Docker - Latest (which ought to be 4.6.2.2472)
I’ve been tasked with integrating my team’s codebase with our SQ instance, and everything has been going swimmingly, however I’ve been trying to take advantage of the projectVersion property, which seems to be working after getting it integrated in my CI workflow. The issue I’m running into is that it seems like subsequent runs of SonarScanner don’t seem to be showing up in my dashboard (I’ve been trying changing some other configuration changes, but it doesn’t seem like any scan since I last change the projectVersion field has been picked up, the logs from the scanner indicate everything was successful, so I’m not sure what’s going on.
If the scanner logs indicate success, what is causing your sense that the subsequent scans were ignored? Did you actually introduce code changes or something that should manifest as a dashboard difference? How is the New Code period set for this project?
You can take a look under Project Settings / Background Tasks and on that screen you should see a background task corresponding to each time the scanner completed and uploaded an analysis report. Can you correlate those tasks with your scanner runs?
The change that I introduced was changing how our dependency check scans should be reported, we’re using npm, so I set the scanner to only scan production dependencies, so I would expect the report to reflect the change in dependencies, but it hasn’t seemed to change.
New code is set to “previous version” as far as I’m aware. I don’t have access to the project settings in the SQ dashboard, but I’m reaching out to someone who does. That said, I’ve seen the “background task pending” banner in the past in the dashboard, however I haven’t seen that recently following CI builds.
Oh I see. Since the dependency check is a 3rd party plugin, I don’t have visibility into how it works or what should happen if you do multiple scans with only changes to its settings. You might consider filing an issue against the project?
Update: The background tasks are running just fine, and there is a run that corresponds to each CI build, so the data is definitely there. I was under the impression that each scan would result in a new entry in the “Activity” tab. It seems like it may be working as intended, I’ll see what things look like once I get everything merged into our main branch and we start seeing additional scans from new code.