Why add comments for lines of code that don't change?

SonarCloud
, , ,
1

Why does SonarCloud add comments for lines of code that have not changed? I integrated SonarCloud via Azure Devops. It scans for each PullRequest with Azure Pipeline and adds the findings as comments. But it adds comments for the unchanged lines of code.

This is a problem for our team. The appearance of codes that are not in development makes our SonarCloud unusable for PullRequest.

A developer changes 1 line in a file but leaves 10-15 comments. It’s bad advice for the developer to comment outside of the code he submitted. How do we fix this?

For example;

image
image1402×328 17.7 KB

2

Hi,

This sounds like a problem with the identification of new code. Assuming you haven’t disabled SCM detection, then you should make sure that

  • The pull request source branch is checked out in the local

  • The pull request source branch is checked out in the local repository.

  • The branch being targeted by the pull request is fetched and present in the local repository.

  • The analysis is being run on a local repository with valid repository metadata (e.g. the .git folders have not been removed). Avoid any attempt at previewing the merge or actions involving your main branch.

  • The code in the local repository matches the code in the remote repository (e.g once a PR is issued, no code is added to the local branch on the CI side before analysis).

 
HTH,
Ann

4

Yes, I’m sure of these. There are 35 repositories and all of them have the same problem. For example, I change 1 line of code in the UserService.cs file, but it adds 20-25 comments in the PR. The findings it finds are correct, but it should only show them within the line or method I changed.

5

Hi,

Can you share your full CI job log?

 
Thx,
Ann

6 
pool:
  name: Azure Pipelines
  demands: java

steps:
- task: SonarSource.sonarcloud.14d9cde6-c1da-4d55-aa01-2965cd301255.SonarCloudPrepare@1
  displayName: 'Prepare analysis on SonarCloud'
  inputs:
    SonarCloud: 'colins-erpos'
    organization: 'colins-erpos'
    projectKey: 'colins-dev_Nebula.ServiceSales'
    projectName: Nebula.ServiceSales

- task: UseDotNet@2
  displayName: 'Use .NET Core sdk 6.x'
  inputs:
    version: 6.x

- task: NuGetToolInstaller@0
  displayName: 'Use NuGet 5.10.0'
  inputs:
    versionSpec: 5.10.0

- task: NuGetCommand@2
  displayName: 'NuGet restore'
  inputs:
    vstsFeed: '3054f9a8-32a3-4d1d-9705-2c0bb58a6d5c'
    includeNuGetOrg: false

- task: DotNetCoreCLI@2
  displayName: 'dotnet build'
  inputs:
    projects: '**/*.sln'

- task: SonarSource.sonarcloud.ce096e50-6155-4de8-8800-4221aaeed4a1.SonarCloudAnalyze@1
  displayName: 'Run Code Analysis'

- task: SonarSource.sonarcloud.38b27399-a642-40af-bb7d-9971f69712e8.SonarCloudPublish@1
  displayName: 'Publish Quality Gate Result'
7

Hi,

Thanks for your pipeline code. What I’m actually looking for is what’s output to stdout when the job runs. I want the logging that comes out of the job, not the configuration that goes into it.

 
Thx,
Ann