SonarQube - adding custom quality gate

I have a requirement to add a custom quality gate condition on my project. If it is not met, then my build should fail.
I have already configured SonarQube Enterprise in my project pipeline, and in SonarQube under Quality Gates I couldn't find an option to add a new quality gate, and I also couldn't add conditions to the existing quality gate.
Please help me with this.
Also, what would be the best conditions to provide, such that if they don't pass the build has to fail?

You can use SonarQube's web API or REST API to add a new quality gate and also to add conditions to the existing quality gate.
Here are two web APIs:
To create a quality gate:
POST api/qualitygates/create
To add conditions to the existing quality gate:
POST api/qualitygates/create_condition
Note: You need the Administer Quality Gates permission to execute both APIs.

This is achieved under the UI and via the API. You cannot modify the Built-In Gate, but you can copy it, modify the copy and set that as the default. Requires the 'Administer Quality Gates' permission. Details as of LTS 8.9.0 - May '21.
VIA API:
Check your installation web_api reference (because SQ does not publish it independently to the web and they change it often).
Create a Quality Gate:
POST {sq_url}/web_api/api/qualitygates/create ?name=<value>
Add a new condition to a quality gate:
POST {sq_url}/web_api/api/qualitygates/create_condition ?metric=<condition>&error=<threshold>
Set a quality gate as the default quality gate:
POST {sq_url}/web_api/api/qualitygates/set_as_default ?name=<value>
VIA UI:
Under Quality Gates, pick the Gate you wish to use as your base, click Copy, give it a name; "Copy".
Choose Add Condition, choose scope (New or Overall Code), Quality Gate criteria from the drop-down options, failure threshold; "Add Condition". Repeat as necessary.
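
As an added example (not part of either answer above), the three API calls can be scripted in Python. It assumes the endpoints are served under {sq_url}/api/qualitygates/ as in the first answer, that a user token is sent as the Basic-auth username, and that create_condition takes gateName and op (LT/GT) alongside metric and error; check these against your installation's web_api page. The server, token, gate name and thresholds are constructed.

```python
import base64
import urllib.parse
import urllib.request


def gate_requests(sq_url, token, gate_name, conditions, make_default=False):
    """Build the POSTs that create a gate, add its conditions and
    optionally make it the default. conditions: (metric, op, error) tuples."""
    # Assumption: a user token is sent as the Basic-auth username, empty password.
    auth = base64.b64encode(f"{token}:".encode()).decode()
    calls = [("create", {"name": gate_name})]
    for metric, op, error in conditions:
        if op not in ("LT", "GT"):  # gate fails when value is lower/greater than error
            raise ValueError(f"unsupported operator {op!r} for {metric}")
        calls.append(("create_condition", {
            "gateName": gate_name, "metric": metric, "op": op, "error": str(error)}))
    if make_default:
        calls.append(("set_as_default", {"name": gate_name}))
    return [
        urllib.request.Request(
            f"{sq_url.rstrip('/')}/api/qualitygates/{action}",
            data=urllib.parse.urlencode(params).encode(),
            headers={"Authorization": f"Basic {auth}"},
            method="POST",
        )
        for action, params in calls
    ]


def send(requests):
    """Send the requests in order; urlopen raises HTTPError on a 4xx/5xx,
    for example when the token lacks the Administer Quality Gates permission."""
    for req in requests:
        with urllib.request.urlopen(req, timeout=30) as resp:
            print(req.full_url, resp.status)


if __name__ == "__main__":
    # Constructed values: placeholder server, token and thresholds.
    reqs = gate_requests(
        "https://sonarqube.example.internal", "REPLACE_WITH_TOKEN", "Team Gate",
        [("new_coverage", "LT", 80), ("new_vulnerabilities", "GT", 0)],
        make_default=True,
    )
    for r in reqs:  # dry run: show what would be sent; call send(reqs) to apply
        print(r.get_method(), r.full_url, r.data.decode())
```

Use a token that belongs to a dedicated account holding only the Administer Quality Gates permission, and keep it in the pipeline's secret store rather than in the script.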

Related

How to prevent SonarQube from checking a specific vulnerability

I have some code for which I want SonarQube not to check this vulnerability on every deployment.
Is there any method to add a rule to not check X type of vulnerability with some error text?
I found an answer and want to share it for anyone who needs it:
https://sqa.stackexchange.com/questions/24734/how-to-deactivate-a-rule-in-sonarqube
You need to copy the existing SonarQube built-in profile and deactivate/add rules in the new profile,
then go to project settings and change the Quality Profile.

Dialogflow CX - Intent not matching

page with intent and static fulfillment response, sys.no-match also has a static response
training phrases for intents
Using one of the training phrases triggers sys.no-match instead of the intent.
How do I get it to match the intent correctly?
edit: I ended up changing back from advanced NLU to standard NLU and now it works fine. I initially changed to advanced NLU because I thought it was better, but it turns out I was wrong.
Normally the Standard NLU is automatically trained after any intent changes; however, switching to the Advanced NLU disables automatic training and the flow needs to be actively trained via the ‘Train’ button in the ML settings. Note that Auto Train is not available for the Advanced NLU setting.
In your situation, despite the intent creation, the training may not have been updated afterwards due to the Advanced NLU setting not automatically doing the training, resulting in the non-updated behavior.
In short: to properly use the Advanced NLU setting, you must press the ‘Train’ button before testing and wait for the ‘Training in progress’ status to end so that the behavior of your Agent reflects the changes made since the last training session.

remove/delete existing from sonarqube

I am new to SonarQube and was able to disable/deactivate the default rules that come with Sonar. However, I would like to know if there is a way to delete/remove default rules from Sonar?
Yes, of course you can disable some rules and change the level (major, minor etc.) in the admin console of your SonarQube, and you can use a custom quality profile with selected rules to analyse your project.
http://docs.sonarqube.org/plugins/servlet/mobile#content/view/6964603
1. Log in as Admin.
2. Through Quality profile we will be able to activate and deactivate the default rules.
3. Ability to create a new profile with specific rules and scan the project with this new profile.
The following worked for me:
Log in as admin
Set another profile as default, i.e. not the one you want to remove.
Now the non-default profile will be deletable.

Can anyone help me in exporting Sonarqube rules which are Inactive using Web API?

I'm currently using SonarQube v5.6 and I'm trying to export the list of the rules that are inactive.
We can take "BackUp" of the rules that are active through the UI, but I'm trying to do this using Web API supported by Sonarqube on command line.
For Example:
I'm trying to export the rules which are not active in sonarqube:
http://$sonarqubeServer/coding_rules#qprofile=$key|activation=false
Can anyone please help me with how to go about this?
SonarQube Web API is pretty well documented (accessible from the footer of your server). api/rules offers api/rules/search which takes a bunch of parameters, including:
activation - Filter rules that are activated or deactivated on the selected Quality profile. Ignored if the parameter 'qprofile' is not set.
qprofile - Key of Quality profile to filter on. Used only if the parameter 'activation' is set.
Bottom line, this request in the UI:
https://sonarqube.com/coding_rules#activation=false|qprofile=js-sonar-way-56838
Is equivalent to this Web API request:
https://sonarqube.com/api/rules/search?activation=no&qprofile=js-sonar-way-56838
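
As an added example (not part of the answer above), the same request can be scripted to export every inactive rule rather than only the first page of results. The `p` and `ps` paging parameters and the `total` and `rules` response fields are assumed from the api/rules/search documentation on the server; the server URL is a placeholder, and the unauthenticated fetch assumes anonymous read access.

```python
import json
import urllib.parse
import urllib.request


def http_get_json(url):
    """Fetch a URL and decode the JSON body (anonymous access assumed)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def inactive_rules(server, qprofile, fetch=http_get_json, page_size=500):
    """Return every rule that is NOT activated in `qprofile`.

    api/rules/search is paginated, so a single request silently truncates
    the export; keep requesting pages until `total` rules are collected.
    """
    rules, page = [], 1
    while True:
        query = urllib.parse.urlencode({
            "activation": "no",    # deactivated rules only
            "qprofile": qprofile,  # 'activation' is ignored without it
            "p": page,
            "ps": page_size,
        })
        body = fetch(f"{server.rstrip('/')}/api/rules/search?{query}")
        batch = body.get("rules", [])
        rules.extend(batch)
        # Stop on an empty page too, so a wrong 'total' cannot loop forever.
        if not batch or len(rules) >= body.get("total", 0):
            return rules
        page += 1


if __name__ == "__main__":
    # Placeholder server; the profile key is the one used in the answer.
    for rule in inactive_rules("https://sonarqube.example.internal",
                               "js-sonar-way-56838"):
        print(rule.get("key"), rule.get("severity"), rule.get("name"), sep="\t")
```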

Sonar 5.1 Issues list - How to group by Issue Type

How can we identify the most common types of issues in a project in our current code base?
We have recently upgraded from Sonar 4.5 to 5.1
In 4.5 we used to view the issues list in a specific project, and the issues were grouped by issue type. For instance in one project the rule "Use a logger to log this exception" might be the most common critical rule with 45 violations. We could then use that information to drive improvement efforts.
In 5.1 we are now presented with a long list of issues with no apparent way of grouping them.
The ability to see what type of violation was most common was also useful in allowing us to see where best to direct our efforts in terms of remedial action.
You can do that easily on the issues page of your project: just click on the rule facet and you should have the list of most violated rules.
See http://nemo.sonarqube.org/issues/search#resolved=false|projectUuids=b38e4f29-df5f-491e-9118-a0a4f5cda406 for instance and click on "Rule" facet.
To group issues by type you can use the rule facet in the web interface.
But you will have only the 15 most frequent rule violations.
Another possibility is to use the web API directly with a comma-separated list of the rules you are interested in.
GET http://localhost:9000/api/issues/search?rules=squid:S1905,squid:UndocumentedApi
Another solution, if you really want this feature, is to customize SonarQube by changing:
private static final int DEFAULT_FACET_SIZE = 15;
in StickyFacetBuilder.java
You can also suggest a new feature here: https://community.sonarsource.com/c/suggestions
There is a Rule filter on Issues tab.
