This started happening this week, it used to work well before this week (September 22, 2025)
ALM used is GitHub
Languages of the repositories is TypeScript
This is happening in all repos we have associated to projects
Error observed:
When PRs are created, SonarQube’s quality gate is not passing, because it seems it’s reviewing the whole files that were included in the PR rather than just the changes submitted to the PR.
When going to the details of the quality gate, none of the changes it’s complaining about are matching the filters for new code, they are from months ago
When going to the left side bar to see the current filters, and going to the “Creation Date” entry, clicking to alternate between “Overall Code” and “New Code” doesn’t make any changes on the results on the right
Steps to reproduce:
Associate Your repo to SonarQube cloud with PR enabled in a project
Configure the project to have “New code” (currently we have a configuration for 90 days for new code)
Configure the default quality gate (Sonar way)
Create a Pull Request
SonarQube add a feedback in the PR with all the issues in the files touched, regardless if they were actually changed or not in the actual PR
Potential workaround. We’re just ignoring the quality gate for now if changes don’t belong to the PR, but that’s not the best way to continue.
We’ve recently noticed that every repo is flagging issues that already existed and were flagged 1-2 years ago. When looking into this, we can see that lots of TypeScript rules have been updated as of 22nd September 2025, but also that the “Available since” date of the rule is also 22 Sept 2025 such as rule typescript:S7770, yet we also have this issues flagged since 4 July 2024 at 12:51 so it isn’t new/available since 22nd September, it’s simply updated on the 22nd but was previously available prior? The 22nd comes up on lots of rules which are flagging.
It’s also flagging these even when the code for that issue hasn’t changed, it’s just within the same file that had code changed.
Alright. After doing some digging, I expect that this is a combination of two things:
The Javascript/Typescript analyzer recently added a lot of new rules (and even when there are new rules, backdating kicks in, explaining why you see dates of “1 year ago”)
I would guess that you haven’t reanalyzed your main branch (or the branch being targeted by your PR) since these rules were added
Can you confirm that second part? You could also delete the existing PR analysis in SonarQube Cloud
Hey Colin, this is the message in the Warning: Last analysis has warnings
At least one referenced/extended tsconfig.json was not found in the project. Please run ‘npm install’ for a more complete analysis. Check analysis logs for more details.
Regarding CI, no, I don’t integrate SonarQube with GitHub through GitHub actions or any other CI, I just had the project added to my SonarQube cloud interface. I haven’t changed any settings since it was originally set up.
We seem to be hitting a possibly related issue with typescript projects.
We run the same scan on pull requests and when it is merged to main branch. On both it is saying 0% coverage on code, despite us uploading an lcov report with coverage
Other teams with non typescript code are still showing coverage on their code
@anthony-nhs I don’t see a super clear connection to this thread. It would probably make sense for you to open a new one – and make sure you check the logs as in this guide!
