SonarQube issue status updation for external issues - sonarqube

I have issues reported for my project through PMD analysis and am allowing sonarqube to consume the report through external properties.
Now I can see the external issues in sonar UI, but am not able to change the issue status from open to confirmed…there is no dropdown available.
I am using SonarQube 8.5.1 version.
Could someone help how will be able to change the issue status for these?

see here
There are a couple of limitations with importing external issues:
you can't manage them within SonarQube; for instance, there is no ability to mark them False Positive.
you can't manage the activation of the rules that raise these issues within SonarQube. External rules aren't visible on the Rules page or reflected in Quality Profiles.

Related

SonarLint plugin in Eclipse not display Error Javadoc

I'm trying to create method without add comment or documentation it, I expected SonarLint would show errors based on rules, but I don't see any errors or warnings. Why?
The particular rules you're looking for are "common" rules applied at the server. You're not going to see them in SonarLint. But in general:
Out of the box, SonarLint runs with the Sonar way (default) profile. If you want additional rules applied in the IDE, you'll need to:
set up a SonarQube instance (assuming you don't already have one)
configure a Quality Profile to your liking
apply it to your project
connect your project in the IDE to the project on the server
At this point you will see (almost) all the same issues in both places.

Sonar quality profile in command line cannot be replaced by a project profile

Having a look to our build logs, I can see this warning:
build 31-Dec-2015 10:37:39 [WARN] [10:37:39.896] Ability to set quality profile from command line using 'sonar.profile' is deprecated and will be dropped in a future SonarQube version. Please configure quality profile used by your project on SonarQube server.
Even if I can easily understand why it could be deprecated, I have an issue with that. We have a single SonarQube installation for all our teams. Each team must be compliant with a given Quality Gate but can define its own profile, depending on the needs. We are working with git branches. We have "static" branches such as master and develop, but also feature and bugfix branches which are also scanned (to insure code quality before merge). Entries in sonar are created also from command line
Dsonar.project.branch=${bamboo.planRepository.branch}
Which helps us to get one sonar entry per development branch.
Issue: Each time we create a feature, not having the command line will force us to go to Sonar and manually change the profile.
Do you have any suggestions, ideas, which may help us ?
Thanks
I have a similar problem with the potential deprecation of this feature. We have too many projects to be managing this administratively in sonarqube.
The best approach for our site is to allow the teams to select an approved profile using setting in the maven pom.xml.

How to delete a specific component from project on sonar dashboard?

We want to remove a specific component from an project on sonar dashbaord. Is there any way to do that - maybe directly in the sonar database ? I could find only the deletion of whole project on sonar dashboard. The deletion of the component is needed as source code has to be protected and now it is visible to all see source code users of the project which is wrong.
sonar version 4.5.1
You should restrict code viewing permissions.
If it's truly the case that you have users who should be able to see some components but not others then I would advise extracting the sensitive component(s) into another project on which you can impose tighter restrictions.

Not able to exclude some java packages from local server analysis

We have upgarded sonar server 3.5.1. In order to use sonar I have upgraded my local eclipse to Juno(4.2) and sonar plugin to 3.1. Sonar server is able to exclude some packages usign sonar.excustions key and does not show violations for those packages. But when I run report for sonar local analysis I see even though I added sonar.exclusions from local properties it does show violations for exluded files. How i can resolve this issue.
Thanks in advance.
Sapana.
There's currently a limitation on Sonar side (see http://jira.codehaus.org/browse/SONAR-4265) that prevents modules to retrieve all their related settings when analyzed independently from their root project.
Feel free to watch and vote for the ticket.

User specific sonar reports for same project

I have configured one project in sonar and integrated sonar with maven for build time analysis of the project.
After analysis, report is generated and uploaded to Sonar for browsing. But once another user compiles the same project their report overwrites mine.
Basically I want that one user's report on one project is not overwritten by report from other user. A user must be able to see their current violations independently. Is it possible in Sonar?
Sonar stores it's analysis on a daily basis, which explains why it's kind of pointless to run analysis several times in a day. Each analysis run will overwrite that day's existing results, which in turn spoils ongoing statistical analysis.
I would suggest running Sonar, from a dedicated build server like Jenkins (which has a Sonar plug-in). This daily analysis will populate the Sonar database and keep the project dashboard current. This architecture also enables you to keep the database credentials confidential.
Obviously developers would like to see the results of their bug fixing. For that I'd recommend running the Sonar Eclipse plug-in. The latest version will run the same Sonar analysis locally. Recent versions of Sonar also enable you to assign violations to developers for resolution.
This is not possible, last performed analysis will always be the one you browse in the interface. However, I guess what you need is the Issue Report Plugin which will enable analysis to store results locally, with the dry-run option.
This way your developers will be able to run an analysis on their code and see the violation delta without pushing the results.
You can do it by explicitly setting the below properties in pom.xml
<properties>
<sonar.projectKey>Test</sonar.projectKey>
<sonar.projectName>Test</sonar.projectName>
</properties>
Every user should set different projectKey and projectName, if you want that one user's report on one project is not overwritten by report from other user.

Resources