0

We're using SonarQube 5.6.6 (LTS) with SonarC# plugin version 6.5.0.3766 and TFS 2017 update 2 (SonarQube plugin v. 3.0.2).

We're repeatedly seeing, that issues that were previously marked as resolved (Won't fix) get reopened. My question is: Why does SonarQube behave in this way?

This issue is also mentioned in a number of different posts(1,2,3) on StackOverflow but with no root cause or resolution. Link 3 also states that this is an issue using SonarQube 6.2.

I'm curious as to whether this is due to a misconfiguration on our part or an integrated part of SonarQube?

Our SonarQube server is running on a Win 2012 R2 server with a MS SQL backend if thats relevant?

Furthermore, we're using TFVC for versioning and get blame through the SCM plugin. If an issues has been marked as resolved (won't fix), I've noticed that it appears to be as opened as a new issue (i.e. no history available).

Example: A colleague marked an issue as resolved (won't fix) in a file which was last modified in TFVC back in november 2015. However, this morning the issue was marked as open and assigned to the developer who originally checked in the code There is no history in SonarQube of the issue having previously been in a resolved state. It appears as if it's a new issue in a new file instead of being a known issue which has already been resolved?

To avoid weird issues related to compiling our C# solution we always clean our workspace completely prior to our build. I don't know if that has something to say? Our builds are also executed on different build machines so I don't know if that will make SonarQube think that we're indeed always analyzing new files?

Could the use of different build machines and/or build definitions for the same SonarQube project result in this behavior?

I've also seen from the logs and reports, that SonarQube appears to analyze the ENTIRE solution and not only the changed files. This makes our analysis very time consuming and not at all suitable in a fast feedback loop. I suspect the long analysis period and the issues reopening is related. Analysis of a projekt with approx 280 KLOC takes approx. 8-10 min. as a background task on the server. That's on subsequent analysis (i.e. not the first run).

Is this related to the above mentioned problem of issues getting reopened by the server?

Strangely enough, leak periods appear to work correctly, i.e. we correctly identify issues within the right leak period. I've not verified this in detail yet, but it's definitely not ALL old issues that get reported as open within the leak period. We only see old issues reappear, if the file that contains them has been modified - this activates all the other issues (from a previous version or leak period) within that file.

I've not specified any additional cmdline parameters for the SonarQube scanner during builds apart from the TFVC SCM plugin and path for coverage data. We're using the VSTEST task v. 2 as otherwise it's not possible to collect code coverage in SonarQube when using TFS 2017 update 2 and VS 2017.

Please advise of any further data that I should supply to help this further. Thank you for your help!

llykke
  • 253
  • 2
  • 14
  • 2
    I don't see a question here... it looks like a list of issues. If you have an issue with the way SonarQube works, you should visit their forums / issue tracker. – Daniel Mann Nov 17 '17 at 00:05
  • I've paraphrased my post, to make the questions stand more out. I have been looking at the SonarQube forums where this issue (reg. automatically reopening of previously resolved issues) [also has been brought up](https://groups.google.com/forum/#!topic/sonarqube/znjRlDUw1lM), but with no available resolution (that I was able to find). I don't have an issue with the way SonarQube works. I just need to understand the behavior, so I can explain it to others. – llykke Nov 17 '17 at 07:07

0 Answers0