Sudden Reduction in SONAR Counts

SONAR issues in the project have dropped drastically in my last SONAR analysis even though no fix has been made. Could you please advise?

  • SONAR 7.6
  • We do a weekly run of SONAR on all projects; however, with this week's run all bugs and vulnerabilities have dropped to single-digit numbers and the bug status has been moved to “FIXED” even though no fix has been made.

Hello @Ashutosh.Tiwari05,

You’re not on a supported version of SonarQube, so I will not be able to investigate extensively should that be needed. I strongly recommend you upgrade to 7.9 (LTS) or 8.3 (LATEST) to get all the latest features.

However, your problem is probably not related to the version. Users typically experience this when the analysis environment/context/settings were not the same as in the previous analysis. There are plenty of potential reasons:

  • Some files from the past analysis are not in the same place as usual, are not in directories configured as sources, or are simply missing (the SCM checkout failed or partially failed)
  • The analysis properties/context were different (this often happens if you don’t analyze from a reliable, i.e. CI, environment)

A quick look at your analysis logs should allow you to spot why this happened. If not, please attach the logs and I will have a look (ideally also attach the logs of the previous successful weekly scan).

Side note: I would like to highlight that analyzing once a week is not a best practice. Analysis should be a “continuous” process, i.e. daily at worst, and even more frequently for branches and pull requests.

Olivier
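The failure mode Olivier describes (a partial SCM checkout or a changed `sonar.sources` setting makes the scanner see far fewer files, so the server closes the untouched issues as “fixed”) can be caught before the scanner runs. The following pre-flight check is an added example written for this page; it is not code from the original thread or from SonarSource. It parses a constructed `sonar-project.properties`, counts the files under each configured source directory, compares the counts against the previous run's baseline, and refuses to proceed when a directory is missing, empty, or has lost more than a configurable fraction of its files. The `INFO: N files indexed` log line it also knows how to read is assumed to be the scanner's wording; treat that regex as an assumption and adjust it to your scanner version. The sample properties, file names and the 20% drop threshold are all made up for the demonstration.

```python
"""Pre-flight check for a SonarQube analysis (added example, not SonarSource code).

Refuses to run the scanner when the configured source directories look
different from the previous run, which is the usual cause of issues being
mass-closed as "fixed" without any code change.
"""
import os
import re
import shutil
import tempfile

# Constructed sample of a sonar-project.properties file (not from the thread).
SAMPLE_PROPERTIES = """\
sonar.projectKey=demo
sonar.sources=src,lib
sonar.exclusions=**/vendor/**
"""


def parse_properties(text):
    """Minimal key=value parser for sonar-project.properties; ignores comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def count_source_files(base_dir, props):
    """Return {source_dir: file_count}; None marks a directory that does not exist."""
    counts = {}
    for src in props.get("sonar.sources", ".").split(","):
        src = src.strip()
        path = os.path.join(base_dir, src)
        if not os.path.isdir(path):
            counts[src] = None
            continue
        counts[src] = sum(len(files) for _, _, files in os.walk(path))
    return counts


def check_against_baseline(counts, baseline, max_drop=0.2):
    """List the reasons an analysis should NOT run; empty list means go ahead.

    max_drop is the fraction of files a directory may lose versus the last
    run before we assume a partial checkout (0.2 is an assumed threshold).
    """
    problems = []
    for src, n in counts.items():
        if n is None:
            problems.append(f"{src}: configured in sonar.sources but missing on disk")
        elif n == 0:
            problems.append(f"{src}: exists but contains no files")
        elif src in baseline and n < baseline[src] * (1 - max_drop):
            problems.append(f"{src}: {n} files vs {baseline[src]} last run")
    return problems


def indexed_files_from_log(log_text):
    """Extract the file count the scanner reports in its log.

    The 'INFO: N files indexed' wording is an assumption about the scanner's
    output; returns None when no such line is found.
    """
    m = re.search(r"INFO: (\d+) files indexed", log_text)
    return int(m.group(1)) if m else None


def run_demo():
    """Build a constructed project tree, then simulate a partial checkout.

    Returns (problems_after_full_checkout, problems_after_partial_checkout).
    """
    props = parse_properties(SAMPLE_PROPERTIES)
    with tempfile.TemporaryDirectory() as root:
        # Full checkout: src/ has 3 files, lib/ has 2 (constructed data).
        for rel in ["src/a.py", "src/b.py", "src/c.py", "lib/x.py", "lib/y.py"]:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("# constructed\n")
        baseline = count_source_files(root, props)
        ok = check_against_baseline(baseline, baseline)

        # Partial checkout: lib/ never arrived and src/ lost two files.
        os.remove(os.path.join(root, "src", "b.py"))
        os.remove(os.path.join(root, "src", "c.py"))
        shutil.rmtree(os.path.join(root, "lib"))
        bad = check_against_baseline(count_source_files(root, props), baseline)
    return ok, bad


if __name__ == "__main__":
    full, partial = run_demo()
    print("full checkout:", full or "OK")
    print("partial checkout:", partial)
```

In a CI job the baseline dictionary would be the counts persisted from the last successful weekly run (or the `files indexed` figure pulled from its scanner log); a non-empty problem list should fail the job before `sonar-scanner` is invoked, so a broken checkout never reaches the server and silently resolves open vulnerabilities.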