Can SonarQube analyse code only on the latest Perforce changelists? I don't want code review on the whole code base, as it's legacy code written 10-15 yrs back.
Can you please help me here or point me to any documentation?
Thanks in advance.
What you're looking for is the Leak Period. I.e. you want to focus on the recent changes to the code. SonarQube is designed to help you do that.
The entire code base will be analyzed, but by default the Quality Gate tests changes on new/leak period code, and the interface is designed to highlight leak period changes.
Related
We have legacy code (10 years old), and I want to bypass that code so that it is not analyzed in SonarQube. Or SonarQube should scan only recent changes which I made to the legacy code or new files. How can I achieve this? I found that the CutOff Plugin is deprecated since SonarQube 4.0; we are using SonarQube 7.5.
Please help.
SonarScanner doesn't support analyzing only part of source code (example: only newer than a specified date). It always scans everything. If you keep your legacy code in other packages than the new code, then you may configure exclusion filter to just ignore the old code. You have to set the sonar.exclusions parameter (comma-separated list with ignored paths). You can read more about Narrowing the Focus in the official documentation.
Be aware that the proposed solution is not recommended. SonarScanner is able to find many vulnerabilities which should also be fixed in legacy code. It can protect your company against material (e.g. money) and non-material (reputation) losses. The recommended way is to scan all code, and use Quality Gate to prevent introducing new issues. You can read more about it in Fixing the Water Leak.
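The two approaches from the answer above, written out as a scanner configuration. This is an added example, not part of the original answer; the project key, paths and version are constructed placeholders, and the second option assumes the leak period is defined by the previous version.

```properties
# sonar-project.properties (constructed example; key, paths and version are placeholders)
sonar.projectKey=legacy-app
sonar.sources=src

# Option A (described in the answer, not recommended): exclude legacy packages.
# Comma-separated path patterns: ** matches zero or more directories,
# * matches zero or more characters, ? matches a single character.
# Excluded files are never analyzed, so vulnerabilities in them go unreported.
#sonar.exclusions=src/main/java/com/example/legacy/**,**/generated/**

# Option B (recommended): analyze everything and let the Quality Gate judge
# only new code. Changing the version string starts a new leak period, so
# issues already present in the old code do not count against the gate.
sonar.projectVersion=2.0.0
```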
I have a very old application which doesn't meet code coverage and code quality targets. It has about 20% code coverage and 500+ code smells. Now, for the year 2018, I want to track code quality.
To track this, I thought of the solution below.
Every time, generate a SonarQube report against a specific version, so that I can get an idea about code quality in the new bugs and new code smells sections. I will be able to track code quality on newly added code in 2018. How can I achieve this in SonarQube... or is there any other better suggestion?
SonarQube is tailor-made to help you focus on the quality of new code, or code in the leak period. New code metrics appear on the project front page in the yellow-highlighted section on the right of the page, and the default Quality Gate focuses on new code as well.
We have a lot of legacy code in our repositories, and now we are implementing SonarQube 6.4, but our legacy code causes a lot of errors and warnings, so we would like to analyze only newly written or, in the future, modified code and exclude the old, because we have no resources to amend all issues from legacy code written during the last 10 years.
How can I exclude already found issues, e.g. by the date when they were found? But we don't want to exclude all old files as such, because we edit them from time to time. We just want to make sure not to add new issues.
SonarQube promotes the idea of a "leak paradigm". In short, the idea is to continuously enrich your existing code base with clean, maintainable, secure increments - which will make your code base better over time.
Fixing all existing issues is not advisable.
So: define a leak period in SonarQube and change your quality gate to only leak measures. SonarQube is made for exactly your use-case!
You could change all of the issues within a time frame via Bulk change:
filter:
bulkchange accordingly
I've just installed SonarQube and it's understandably found a lot of technical debt that we want to eventually fix. However at the moment, I want to make sure that any new code checked in is evaluated and issues flagged in that.
I know I can mark issues as won't fix, but is there a way to flag issues that have arisen after a certain point in time and leave the existing technical debt as "Will fix later"?
I know ideally I'd like to halt development and fix everything right now, but I've only just got buy in for a CI server and some of my senior colleagues don't even see the point of unit tests, let alone ensuring code quality.
SonarQube focuses now on the Leak Period, i.e. problems introduced recently. This is handled through project versions, so you just need to update your string to start a new leak period and immediately differentiate old code from new.
Take a look at SonarQube itself on SonarQube.com. The highlighted "Leak Period" section on the right brings attention to problems that are new in this version.
I know that the 5.0 release notes say "After the migration, source syntax-highlighting won't be available on a project until it has been successfully analyzed".
BUT, I can't imagine that there is no way to activate it other than by running another analysis. In fact, when you have thousands of components (it's our case), you can't plan 4500 analyses just to "restore" a basic but helpful functionality! And it's even more true when you know that the majority of these components haven't changed in a long time... :(
So, please, tell me that we can write a little batch or program that will do the job without needing to pull all the sources! I don't know how, because I don't understand this limitation of the upgrade (why sources aren't accessible).
You should trust the release notes. Information required for syntax highlighting is computed during analysis. Note that it also requires the language plugins to support this feature. I suggest upgrading them to the latest versions.