Technical inquiry about SonarQube's default quality gate and the "new code" definition
SonarQube Default Quality Gate: New Code Analysis Scope
Good question; this is one of the most common gotchas with SonarQube's "new code" definition, so let's break it down.
First, the default behaviour for new code in SonarQube (Community Edition included):
- SonarQube does not diff your change against a branch by default. The default new code definition is "Previous version": new code is everything that changed since the last analysis whose `sonar.projectVersion` differed from the current one, and if the version has never changed, the window reaches back to the project's first analysis. The other definitions are "Number of days", "Specific analysis" and, from Developer Edition upward (it needs branch analysis), "Reference branch", which compares the analysed branch with a reference branch such as main so that only lines added or modified relative to it are new.
- Whether a line is new is decided from SCM blame dates (or from the branch diff with "Reference branch"); whether an issue is new is decided by its creation date, i.e. the first analysis that reported it. The default Sonar Way quality gate only has conditions on new code (no new issues, at least 80% coverage and at most 3% duplicated lines on new code, plus reviewed hotspots). Pre-existing issues, however severe, do not fail it as long as SonarQube still considers them old.
Why, then, did your colleague's change to a file with existing blocking issues make the gate fail? Two likely scenarios:
- The new code window is wider than you assume. With the default "Previous version" and a `sonar.projectVersion` that is never bumped, or with "Number of days" set to a long period, every issue created since the window started counts as new, no matter who introduced it. Community Edition has no pull request or branch analysis, so your colleague's change was analysed as part of main and the gate was evaluated on everything in that accumulated window, not only on their diff. The blockers may have been "new" for months without anyone looking at the gate.
- Old issues were re-created as new ones. SonarQube matches issues across analyses by rule, location and line content. If the edit reformatted, moved or otherwise changed the lines carrying the old blockers so that the match fails, the old issues are closed and fresh issues are opened at the new locations with a creation date in the current analysis, which puts them inside the new code period. Newly activated rules behave the same way when the file has no SCM data that SonarQube can use to backdate the issues.
To confirm which case you are in:
- Go to your project → Project Settings → New Code and check the definition. With "Previous version", compare the current `sonar.projectVersion` with the version recorded on earlier analyses under Project → Activity.
- Open the Issues tab, filter on severity Blocker and "In new code", and look at each issue's creation date. Dates well before your colleague's commit mean the window is simply wide; dates equal to the latest analysis on lines your colleague did not add mean the issues were re-created.
If you want the strict "only what this change introduced" behaviour, you need per-change analysis: pull request or branch analysis with a "Reference branch" new code definition, which is Developer Edition and above. On Community Edition the practical equivalent is to keep the window honest: bump `sonar.projectVersion` on every release (or switch to "Number of days" or "Specific analysis"), and triage the genuinely old blockers (fix them, or resolve them as False Positive or Won't Fix/Accept depending on your version) so that they stop counting against new code.
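The checks above can be scripted against the SonarQube Web API so the same evidence (gate conditions, new code definition, creation dates of the blockers counted as new) is collected in one go. The script below is an added example and not code from the original answer or from SonarSource; it assumes a server reachable at `SONAR_URL` with a user token in `SONAR_TOKEN` (both hypothetical environment variable names), the project key `my-project` and the cut-off date are placeholders, and the JSON shapes follow the documented `api/qualitygates/project_status`, `api/new_code_periods/show` and `api/issues/search` responses. The sample payloads in the test are constructed, not captured from a real server.

```python
"""Diagnose why a SonarQube quality gate failed on new code (added example).

Assumes SONAR_URL / SONAR_TOKEN (hypothetical names) and the documented
SonarQube Web API endpoints; nothing here is project-specific.
"""
import base64
import json
import os
import urllib.parse
import urllib.request
from datetime import datetime

SONAR_URL = os.environ.get("SONAR_URL", "http://localhost:9000")  # assumed
SONAR_TOKEN = os.environ.get("SONAR_TOKEN", "")                   # assumed

NEW_CODE_LABELS = {
    "PREVIOUS_VERSION": "Previous version",
    "NUMBER_OF_DAYS": "Number of days",
    "SPECIFIC_ANALYSIS": "Specific analysis",
    "REFERENCE_BRANCH": "Reference branch",
}


def api_get(path, params):
    """GET a Web API endpoint; a SonarQube token is sent as the basic-auth user name."""
    url = f"{SONAR_URL}/{path}?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url)
    cred = base64.b64encode(f"{SONAR_TOKEN}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def failed_conditions(status):
    """Failing conditions from api/qualitygates/project_status as (metric, actual, threshold)."""
    return [
        (c["metricKey"], c.get("actualValue"), c.get("errorThreshold"))
        for c in status["projectStatus"].get("conditions", [])
        if c.get("status") == "ERROR"
    ]


def describe_new_code(period):
    """Readable form of api/new_code_periods/show, noting whether it is inherited."""
    label = NEW_CODE_LABELS.get(period.get("type", ""), period.get("type", "?"))
    suffix = f" ({period['value']})" if period.get("value") else ""
    origin = "inherited" if period.get("inherited") else "set on the project"
    return f"{label}{suffix}, {origin}"


def parse_sonar_date(text):
    """SonarQube dates look like 2024-03-05T09:12:00+0000 (no colon in the offset)."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S%z")


def new_code_issues(search):
    """Flatten api/issues/search?inNewCodePeriod=true results, oldest first."""
    rows = [
        {
            "key": i["key"],
            "rule": i["rule"],
            "file": i["component"].split(":", 1)[-1],
            "line": i.get("line"),
            "created": parse_sonar_date(i["creationDate"]),
        }
        for i in search.get("issues", [])
    ]
    return sorted(rows, key=lambda r: r["created"])


def predating(rows, change_date):
    """Issues counted as new although created before the change under suspicion.

    Any hit means the new code window reaches back past that change, so old
    issues are being judged by the gate's new code conditions.
    """
    cutoff = parse_sonar_date(change_date)
    return [r for r in rows if r["created"] < cutoff]


def diagnose(project_key, change_date, branch=None):
    """Run the three queries and print the evidence a reviewer needs."""
    extra = {"branch": branch} if branch else {}
    status = api_get("api/qualitygates/project_status", {"projectKey": project_key, **extra})
    period = api_get("api/new_code_periods/show", {"project": project_key, **extra})
    search = api_get("api/issues/search", {
        "componentKeys": project_key, "inNewCodePeriod": "true",
        "severities": "BLOCKER", "resolved": "false", "ps": 500, **extra})
    print("New code definition:", describe_new_code(period))
    for metric, actual, threshold in failed_conditions(status):
        print(f"FAILED {metric}: actual {actual}, threshold {threshold}")
    rows = new_code_issues(search)
    old = predating(rows, change_date)
    print(f"{len(rows)} blocker issue(s) counted as new; {len(old)} predate {change_date}")
    for r in old:
        print(f"  {r['created']:%Y-%m-%d} {r['rule']} {r['file']}:{r['line']}")


if __name__ == "__main__":
    # Placeholder project key and cut-off date (the colleague's commit time).
    diagnose("my-project", "2024-03-01T00:00:00+0000")
```

Run it with `SONAR_URL` and `SONAR_TOKEN` exported and the cut-off set to the timestamp of the suspicious commit. Blockers listed under "predate" are the wide-window case; blockers created at the latest analysis on lines the commit did not add point to re-created issues. Parameter names such as `componentKeys` have been renamed in recent SonarQube releases, so check `/web_api` on your own server if a request is rejected.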
The question was sourced from Stack Exchange; asked by kkelleher.