sonarqube "new code" definition

Question

Re the default quality gate, strangely, we are unclear of the definition “new code”!

To illustrate, let’s say we change a file by adding new code. Is default sonar quality gate analysis done on only the new lines of code or the whole file? We are unclear but suspect it is the whole file! I’m being told by colleagues that projects are failing quality gate because files with pre-existing blockers etc. were touched/changed.

Any clarification would be much appreciated.

Answer 1

First, analysis will scan every line of every file.

Let's say

• I'm using a recent version of SonarQube
• I've set the leak period (this can be configured at the global and project levels) to 30 days

That means that any line of code added or updated within the last 30 days is considered "new" and thus, "in the leak period".

If I make a commit that adds a bug, it's marked as a bug in "new code".

If I change a line with an existing bug but don't fix the bug (Why???) then I have an "old" bug on "new" code. Since the assumption is that you'll "clean as you code" (including fixing the old issues in the code you're working on) no work has been put in to "properly" handling this case.