
SonarQube raises error on old code after merging upgrade to Java 17


This one is a bit specific.

We use SonarCloud, and the "New Code" setting for the relevant project is as follows: [image: New code definition]

I.e., on the main branch, only code newer than 2 days is considered.

We had a merge request that made some changes, including switching from Java 11 to Java 17. It had a passing pipeline, so we merged, and bam! The analysis fails on the main branch: [image: analysis results]

As you can see, the new code is correctly detected (it says "New code: Since 2 days ago", and only 9 lines are considered as new). However, I get 10 code smells, and they are raised on totally different and much older code. Those smells are typically related to Java 17 (Replace this usage of 'Stream.collect(Collectors.toList())' with 'Stream.toList()').

So my question is: Does SonarQube ignore the new code definition when it's detecting a Java version change? Is it because those issues are on old code but are considered new? And why was it not raised in the passing merge request analysis?


Solution

  • A change in one line of code could generate a bug elsewhere, and similarly for code smells, security hotspots and so on; so, generally speaking, SonarQube always evaluates the whole code base. What changed in this case is the number of code patterns, or "rules", used in the evaluation: if you examine the Sonar Rules catalog for Java, you can see that some rules are labeled with the Java version (from "java7" to "java17"). This means that the upgrade to Java 17 has triggered new rules that were not used before.

    The "New Code" tab does not refer strictly to "new lines of code" but to issues that were not present X days ago, as explained by the last phrase in the description of the config parameter in your snapshot.
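The message quoted in the question, as an added example that is not part of the original question or answer: the pattern flagged once analysis targets Java 17, next to the suggested replacement. The class and method names are hypothetical and the sample data is constructed; the point to check when applying the fix to old code is that `Stream.toList()` returns an unmodifiable list.

```java
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

// Hypothetical class, written for this example only. Requires Java 16 or later.
public class ToListMigration {

    // Older idiom: the pattern named in the quoted message.
    static List<String> legacy(Stream<String> names) {
        return names.filter(n -> !n.isBlank()).collect(Collectors.toList());
    }

    // Replacement named in the quoted message; Stream.toList() exists since Java 16.
    static List<String> modern(Stream<String> names) {
        return names.filter(n -> !n.isBlank()).toList();
    }

    public static void main(String[] args) {
        // Constructed sample input.
        List<String> a = legacy(Stream.of("alice", " ", "bob"));
        // Collectors.toList() makes no promise about mutability, but current
        // JDKs return an ArrayList, so old callers may rely on add() working.
        a.add("carol");
        System.out.println("legacy: " + a);

        List<String> b = modern(Stream.of("alice", " ", "bob"));
        try {
            // Stream.toList() is documented to return an unmodifiable list.
            b.add("carol");
            System.out.println("modern: " + b);
        } catch (UnsupportedOperationException e) {
            System.out.println("modern: add() rejected, list is unmodifiable");
        }
    }
}
```

Callers that mutate the returned list need a mutable copy (for example `new ArrayList<>(list)`) before the old code is switched to the replacement.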