Why does the first analysis always pass even though the codebase has blocker issues and code smells?

SonarQube version: 6.7.7 LTS

I’m running Sonar analysis on a Java project and I’m seeing that this project has more than 2.8k code smells, 37 bugs, more than 50 vulnerabilities, 2k duplicated lines, etc. Still, this project is shown as passed.
I’ve seen projects with far fewer code smells and bugs shown as failed on the SonarQube server.

I’m new to SonarQube and analysis, and I’m trying to understand how these results are calculated.

Quality gate status depends on the new code conditions. You can check them on the https://localhost:9000/quality_gates/show/1 page.

Even though the first analysis is “new” for you, it is not “new code” for SonarQube, because the New Code Period setting in Administration -> General is set to previous_version by default.

You don’t have a “previous” version, so SQ can’t compute “new code”. No new code - no QG fail.

You could tweak the QG to meet your needs.

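As an added illustration of the answer above (not SonarQube’s own code), here is a simplified model of a gate whose conditions are all scoped to the New Code Period: on the first analysis there is no previous version, so those conditions are skipped and the gate passes despite the overall counts, while a condition on the whole code base fails right away. Metric keys, thresholds and measures are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Condition:
    metric: str        # metric key, e.g. "new_bugs" (new code) or "bugs" (whole project)
    threshold: float   # the condition fails when the measured value is greater than this
    on_new_code: bool  # True when the condition is scoped to the New Code Period

@dataclass(frozen=True)
class Analysis:
    overall: Dict[str, float]             # measures over the whole code base
    new_code: Optional[Dict[str, float]]  # None when no New Code Period could be computed

def evaluate_gate(conditions: List[Condition], analysis: Analysis) -> dict:
    """Return the gate status plus the conditions that failed or could not be evaluated."""
    failed, skipped = [], []
    for c in conditions:
        if c.on_new_code and analysis.new_code is None:
            # No previous_version exists yet, so there is no "new code" to measure:
            # the condition is not evaluated and therefore cannot fail the gate.
            skipped.append(c.metric)
            continue
        source = analysis.new_code if c.on_new_code else analysis.overall
        value = source.get(c.metric)
        if value is None:
            skipped.append(c.metric)
        elif value > c.threshold:
            failed.append(c.metric)
    return {"status": "ERROR" if failed else "OK", "failed": failed, "skipped": skipped}

# Constructed gate in the spirit of the default one: every condition is on new code.
NEW_CODE_ONLY_GATE = [
    Condition("new_bugs", 0, True),
    Condition("new_vulnerabilities", 0, True),
    Condition("new_duplicated_lines_density", 3.0, True),
]
# The same gate plus one condition on the whole code base (the tweak the answer suggests).
TWEAKED_GATE = NEW_CODE_ONLY_GATE + [Condition("vulnerabilities", 0, False)]

# Constructed measures echoing the question's numbers; the first run has no previous version.
FIRST_ANALYSIS = Analysis(
    overall={"bugs": 37, "vulnerabilities": 50, "code_smells": 2800, "duplicated_lines": 2000},
    new_code=None,
)
# A later run, once a previous version exists, with a few new issues in the leak period.
SECOND_ANALYSIS = Analysis(
    overall={"bugs": 39, "vulnerabilities": 51, "code_smells": 2810, "duplicated_lines": 2000},
    new_code={"new_bugs": 2, "new_vulnerabilities": 1, "new_duplicated_lines_density": 0.5},
)
```

Calling evaluate_gate(NEW_CODE_ONLY_GATE, FIRST_ANALYSIS) reports OK with all three conditions skipped; the same gate on SECOND_ANALYSIS reports ERROR, and TWEAKED_GATE already fails the first analysis on its whole-project condition.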

Thanks for enlightening me. Now I understand why it is done this way.