Hi,
FYI, the standard courtesies (Hi, Thanks, ...) are appreciated in this group.
Now to your questions. There are a couple different things going on here.
Let's start with the problem of defects "ageing out". I think this is really an issue of mindset, and perhaps of "leak period."
You don't actually give a lot of specifics about your case, so I'm going to speculate:
* You've set your leak period to previous_analysis
* You've set your quality gate to something like: no new Bugs in the leak period
Under those two conditions, the scenario you describe is both plausible and likely. So let's change the conditions. If you set the leak period to previous_version then there's no way for defects to "age out" of the consideration period. Either they're fixed, or they're consciously allowed to go into production.
Regarding "corrupting" the SonarQube project with the "lesser standard", this is exactly what you should do. Presumably, we're not talking about branch analysis, but about your head/master branch. In that case, you should be analyzing and publishing for everyone to see the current state of your source code. If you only analyze the "good" checkins, and suppress information about the bad ones, then you deliberately promote a false sense of security about the state of your code.
Instead, you should be publishing the current state of your code, "warts and all".
Ann