Quality profile neutral change raises too many new issues - sonarqube

We previously directly changed rules in the default Sonar way quality profile.
To better track the changes made, I created a new one which inherited the default one.
I then restored the built-in profile and reapplied our change in our new profile.
But after a new analysis we now have a lot of issues reported as new.
Did I do something wrong?
Thanks for some explanation.
SonarQube Version 5.6

The default contents of the Sonar Way quality profile can change from version to version as new rules are implemented, although upgrading a plugin does not automatically add those new rules to an existing Sonar Way profile because of exactly what you saw. So your restoration pulled in all the rules that have been added to the profile since you first started with the plugin (or since the last time you performed a restoration). Additionally, new plugin versions may improve the implementations of existing rules, so new issues can show up after an upgrade even if you don't do a restore.
The restoration is why a lot of new issues were added on your subsequent analysis.
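An added example, not part of the original answer and not SonarSource code: comparing a profile backup taken before a restore with one taken after shows which rules the restore activated, which is where the "new" issues come from. It assumes the `<profile>/<rules>/<rule>` backup XML layout with `repositoryKey`, `key` and `priority` elements; the sample backups and rule keys are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample backups (rule keys are made up). Only parse backups
# exported from your own server; ElementTree is not hardened against hostile XML.
BEFORE = """<profile><name>Sonar way</name><language>java</language><rules>
<rule><repositoryKey>squid</repositoryKey><key>EX001</key><priority>MAJOR</priority></rule>
<rule><repositoryKey>squid</repositoryKey><key>EX002</key><priority>MINOR</priority></rule>
<rule><repositoryKey>squid</repositoryKey><key>EX004</key><priority>INFO</priority></rule>
</rules></profile>"""

AFTER = """<profile><name>Sonar way</name><language>java</language><rules>
<rule><repositoryKey>squid</repositoryKey><key>EX001</key><priority>MAJOR</priority></rule>
<rule><repositoryKey>squid</repositoryKey><key>EX002</key><priority>CRITICAL</priority></rule>
<rule><repositoryKey>squid</repositoryKey><key>EX003</key><priority>MAJOR</priority></rule>
</rules></profile>"""


def load_rules(xml_text):
    """Map 'repository:key' -> priority for every active rule in a backup."""
    rules = {}
    for rule in ET.fromstring(xml_text).iter("rule"):
        repo = rule.findtext("repositoryKey", "").strip()
        key = rule.findtext("key", "").strip()
        rules[f"{repo}:{key}"] = rule.findtext("priority", "").strip()
    return rules


def diff_profiles(before_xml, after_xml):
    """Report rules that a restore or upgrade added, removed or re-prioritised."""
    before, after = load_rules(before_xml), load_rules(after_xml)
    shared = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "severity_changed": sorted(k for k in shared if before[k] != after[k]),
    }


if __name__ == "__main__":
    for kind, keys in diff_profiles(BEFORE, AFTER).items():
        print(f"{kind}: {', '.join(keys) or '-'}")
```

Every rule listed under "added" will raise issues on existing code at the next analysis, so review that list before associating projects with the restored profile.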

Related

SonarQube rules are not getting detected

I'm a big fan of SonarQube as a developer. This time though I need to do admin work since I need to configure it from a fresh install. I see this rule in SonarQube "Methods should not have too many lines" but I don't see that it belongs to any of the default profiles ("FindBugs+FB-Contrib", "Sonar Way"). I think that's the reason I don't see any rule violations of this type from any of the projects. I thought this should be part of a common default profile since this is a pretty common violation. How can I add this rule to the profile?
There are other rules that I need to add which I expected also to be in the default/available profiles already.
You can't edit built-in profiles. Instead, you'll have to create a new profile, and then you'll be able to edit the rules to your heart's content. I suggest you initialize your new profile either by copying the rules from the built-in profile of your choice, or by inheriting from that profile. Note that choosing the latter means your profile can (and probably will) be updated by upgrading your analyzers; each new version of SonarJava, for instance, implements new rules and many of them are added to the Sonar way profile.

Automatically associate new Sonar project with custom quality profile and quality gate

Our use case for Sonar creates new Sonar projects for each branch of our repository. How do we automatically associate the new branch project with a (non-default) Quality Profile and Quality Gate?
We're running this in a Maven project if that's relevant.
We had the same issue within our company, and the only solution was to use the deprecated attribute sonar.profile (https://docs.sonarqube.org/display/SONAR/Analysis+Parameters).
Sidenote:
Generally there is also an interesting view on how to analyze branches. The general recommendation from SonarSource suggests only using preview modes for short-lived branches. As a matter of fact, Bitbucket plugins with a richer feature set than just commenting on issues sadly need branch-based analysis.
https://jira.sonarsource.com/browse/SONAR-5370 - the property will be removed in 4.5.1 based on the sonar task
Use the api/projects/create web service to provision your projects. You can then call api/qualityprofiles/add_project to assign your new project to the proper profiles. (You'll need to have first looked up the profile IDs, though, with api/qualityprofiles/search.)
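The three web-service calls named in the answer above, chained in one script as an added example (not code from the answer or from SonarSource). The parameter names (`key`, `name`, `language`, `profileKey`, `projectKey`), the `profiles[].key`/`name` response fields, the environment variable names and the project and profile names are assumptions; check them against your server's Web API documentation.

```python
import base64
import json
import os
import urllib.parse
import urllib.request


def call(base_url, token, method, path, params):
    """Send one web-service request; the token is the Basic-auth username."""
    query = urllib.parse.urlencode(params)
    url = f"{base_url}/{path}" + (f"?{query}" if method == "GET" else "")
    data = query.encode() if method == "POST" else None
    req = urllib.request.Request(url, data=data, method=method)
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {auth}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else {}


def provision(project_key, name, profile_name, language, send):
    """Look up the profile key, create the project, then bind the two."""
    # Resolve the profile first so a wrong name fails before anything is created.
    found = send("GET", "api/qualityprofiles/search", {"language": language})
    matches = [p for p in found.get("profiles", []) if p.get("name") == profile_name]
    if len(matches) != 1:
        raise LookupError(
            f"expected one {language} profile named {profile_name!r}, got {len(matches)}")
    profile_key = matches[0]["key"]
    send("POST", "api/projects/create", {"key": project_key, "name": name})
    send("POST", "api/qualityprofiles/add_project",
         {"profileKey": profile_key, "projectKey": project_key})
    return profile_key


if __name__ == "__main__":
    # Hypothetical variable names; keep the token out of the script and the
    # build log, and give its user only provisioning and profile rights.
    base, token = os.environ["SONAR_URL"], os.environ["SONAR_TOKEN"]
    send = lambda method, path, params: call(base, token, method, path, params)
    print(provision("com.example:app:feature-x", "app feature-x",
                    "Team way", "java", send))
```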

Sonarqube profiles best practices

I would like to use the default rule set provided by sonarqube (5.1.2) which is collected in the default profile "sonar way". Now I need to add/remove some rules. What is the best practice here? So far I have created a copy of the default profile and applied my changes there. Then after installing a new plugin I noticed that the default profile has been extended by some rules (obviously the useful ones) of that new plugin. So I need to add them manually to my custom profile. I reckon the same happens with updates of the java plugin.
My questions:
Should I work with a copy of the original profile to not pollute it and retain the opportunity to restore it to the factory defaults? (conclusion: manual work every time an update or new plugin comes in)
Should I work with the original profile? (will it then still be updated without conflicts on new plugins/updates?)
Is there a way to work with a profile that is linked to the original profile? (like an overlay filesystem over a read only filesystem => OverlayFS)
You might be interested in profile inheritance: http://docs.sonarqube.org/display/SONAR/Non-rule+Profile+Edits+and+Information#Non-ruleProfileEditsandInformation-ProfileInheritance

Running updated quality profile against existing projects in sonar qube

I currently have a SonarQube instance set up with multiple projects. Currently I get multiple requests every few weeks to update the quality profile to include a new rule or to remove an old one. This is usually followed by me having to recreate the projects and then sequentially running analysis again so that I can have the differential view again starting from a baseline code. This is becoming a pain as the number of projects grows. Is there any alternative to this? For instance, is there any way to tell Sonar to pick up the new rules from the quality profile and run the existing analysis again against these rules?
If I don't do that I get a spike in issues as new rules get added and a new analysis is run as the existing analysis wasn't run against those rules and doesn't have an accurate issue number.
Thanks for the help!
Once you have linked a profile to a project, you can change the rule set and it will be used during the next analysis. As you add or remove rules, spikes are normal. Probably what you want to ensure is that for example no new rules are introduced as you want to ensure the quality is not going down, but is always improved. You can do it using quality gates and build breaker plugin. Hopefully I could help.
I am not sure I understand very well what you want to do: whether this is running a new (changed) profile again against all previous versions of a project, or applying different profiles to different versions of a project.
Maybe this could help you?
SonarQube - analyzing branches of the same project
How to configure Maven to run a SonarQube project analysis with two different quality profiles?

Applying sonarqube build breaker plugin to existing projects

So we use sonarqube/sonar at my current employer and have many existing projects on the sonarqube platform. I have been asked to go through these existing projects and ensure they have the buildbreaker plugin set to the default, as some have been changed to true. The problem is they run into the hundreds and I don't fancy going through every project and checking this.
Is there a quicker way to change this? Maybe a script to run? A google search has revealed nothing, I am hoping someone has experienced this before.
Thanks.
Was actually ridiculously easy: setting > configuration > build breaker set to the required value when not in a project will go back through all existing projects and change to the required settings.
This just means that to set an individual project's settings you will need to manually alter them again once you have changed the global settings.

Resources