I’m running Sonar analysis on a Java project and I’m seeing that this project has more than 2.8k code smells, 37 bugs, more than 50 vulnerabilities, 2k duplicate lines etc. Still, this project is shown as passed.
I’ve seen projects with much lower code smells and bugs shown as failed on the SonarQube server.
I’m new to SonarQube and analysis and I’m trying to understand how these results are calculated?
Even though the first analysis is “new” for you, it is not “new code” for SonarQube, because the New Code Period setting in Administration->General is by default set to previous_version.
You don’t have a “previous” version, so SQ can’t compute “new code”. No new code - no QG fail.