Unexpected new issues

On our larger project, we have faced a situation where new bugs and new vulnerabilities have been reported on files whose last modification is dated before the leak period starting point (the leak period is defined by version, the version being different at every new analysis).

It appears that two specific analyses during the leak period generated these new bugs, but again without modifying these files.
This occurred for various types of files, C and Java mainly.

Do you know what can cause that?


Could you list the rules in question? It’s likely that the new issues were caused by changes in other parts of the code. For example, if I remove the only use of a private method, that old method will get a validly new issue that it’s unused.