How can we identify the most common types of issues in a project in our current code base.
We have recently upgraded from Sonar 4.5 to 5.1
In 4.5 we used to view the issues list in a specific project, and the issues were grouped by issue type. For instance in one project the rule "Use a logger to log this exception" might be the most common critical rule with 45 violations. We could then use that information to drive improvement efforts.
In 5.1 we are now presented with a long list of issues with no apparent way of group them.
The ability to see what type of violation was most common was also useful in allowing us to see where best to direct our efforts in terms of remedial action.
You can do that easily on issue page of your project : just click on the rule facet and you should have the list of most violated rules.
See http://nemo.sonarqube.org/issues/search#resolved=false|projectUuids=b38e4f29-df5f-491e-9118-a0a4f5cda406 for instance and click on "Rule" facet.
To group issues by type you can use the rule facet in the web interface.
But you will have only the 15 more frequent rule violations.
Another possibility, is to use the web api directly with a comma separated list of the rules you are interested in.
GET http://localhost:9000/api/issues/search?rules=squid:S1905,squid:UndocumentedApi
Another solution, if you really want this feature is to customize Sonarqube by changing:
private static final int DEFAULT_FACET_SIZE = 15;
in StickyFacetBuilder.java
You can also suggest a new feature here: https://community.sonarsource.com/c/suggestions
There is a Rule filter on Issues tab.
Related
When I am creating a new session (or try to access from an other computer) in Vaadin Flow I get this error:
Can't move a node from one state tree to another
From this link, I read something about UI and getUIId().
However, I don't understand how I should change my application in order to fix the error.
As Denis mentioned in the forum post you linked, wrong scope sounds like the most likely culprit. In other words, you are trying to use the exact same component instance in two different UIs, when both UIs should have their own instance. It's not possible to use the same instance in two places at the same time.
You can find the documentation for Vaadin Spring scopes here: https://vaadin.com/docs/latest/flow/integrations/spring/scopes
One possible cause of errors such as that is that if you're storing a Component in a static variable. You shouldn't do that - a Component instance can only belong to a single UI. A single UI in turn (in practice) means a single browser tab.
I am looking for a static validator that validates Kubernetes deployment or service yaml files based on custom rules. For example, I can have a rule to disallow some fields in the yaml files (although they are valid fields in K8s), or specify a range for values of a field. The validation is triggered independent of kubectl.
The closest solution I found is this kube-lint: https://github.com/viglesiasce/kube-lint. However, it does not seem to be supported since the last commit is March 2017.
Can anyone let me know if there is anything else that does the dynamic validation on K8s yaml files based on custom rules?
I believe the thing you are looking for is an Admission Controller and its two baked-in kinds "validating" and "mutating." However, as the docs say, if that's not powerful enough for your needs there is also Dynamic Admission Controller.
Be sure to watch Pod Security Policies as it matures out of beta (or, I guess, try it even now)
I haven't ever used them to know what the user experience is like (such as: does kubectl offer a friendly message, or just "401: Nope" kind of thing?), but as for the "disallow some fields" part, I am pretty confident they will do exactly as you wish.
I have a web app project where the quality is measured under sonarqube.
As i'm dealing with an external code within my project files
Recently i have had some issues appearing due to that exetrnal code and which i'm not focusing on its quality :
So i wanna just delete the issue to appear from my sonar dashboard (which looks like the following):
The solutions that i have had where not really usefull , as :
i was suggested to change the level of the rule itself from "issue" to "info" :
And of course that seems to be not usefful because , i won't affect the rule itself
the second suggestion was to use the :
#SuppressWarnings decorator in my blocks of code where the issues appeared ; : for example use it under classes or methods or even fields
-> this method results in adding some code to my extarnal code and that won't be also good as i'm not even having the permission to do it.
I wanna just the simpliest solution to delete the issue from the sonar dashboard , just suppress it from the SonarQube interface , strangely it seems that there is no a direct way to do it :
Any better ideas ??
The easiest way is excluding external code from the report with narrowing the focus feature.
Just add to your sonar-project.properties file path pattern to exclusion, for example
# Exclude all classes ending by "Bean"
# Matches org/sonar.api/MyBean.java, org/sonar/util/MyOtherBean.java, org/sonar/util/MyDTO.java, etc.
sonar.exclusions=**/*Bean.java,**/*DTO.java
# Exclude all classes in the "src/main/java/org/sonar" directory
# Matches src/main/java/org/sonar/MyClass.java, src/main/java/org/sonar/MyOtherClass.java
# But does not match src/main/java/org/sonar/util/MyClassUtil.java
sonar.exclusions=src/main/java/org/sonar/*
If you're not interested some issues because it's not your code, then you should not have SonarQube analyze that code. According to the SonarQube documention:
We recommend that you exclude generated code, source code from
libraries, etc.
You should check in particular the following settings in the same documentation page:
sonar.sources
sonar.exclusions
These settings will be taken into account the next time you run an analysis.
I'm using the latest ASP.Net WebAPI Nightly builds (dated 2013-01-16).
I have a simple EF database first model at the moment that has two entities - Patients and Visits. Each patient can have many visits.
I'd like to be able to query for my list of patients and have the visits entities for each patient returned inline. I know that WebAPI's OData implementation doesn't yet support $expand. I'm hoping that just means that optional client-controlled expansion is not supported and that I can force expansion server-side.
At the moment I'm not getting any of the visits inline.
For example, my PatientController's() Get() method looks like
[Queryable(AllowedQueryOptions=AllowedQueryOptions.Supported)]
public override IQueryable<Patient> Get()
{
var query = this.entities.Patients.Include("Visits");
return query;
}
I've verified that the query executing against my database does indeed include the visit information.
To use a publicly available OData service as an example, if you use the service at http://services.odata.org/OData/OData.svc/, you can get a list of Suppliers. This is http://http://services.odata.org/OData/OData.svc/Suppliers.
You can also ask for a list of suppliers that includes the list of products using http://http://services.odata.org/OData/OData.svc/Suppliers?$expand=Products
Stepping through the ASP.NET code (via the symbols server) I've got to the System.Web.Http.OData.Formatter.Serialization.ODataEntityTypeSerializer and can see that it's CreatePropertyBag method, which builds up the list of properties to be serialized, just doesn't include the navigation properties, and they don't seem to be enumerated anywhere else apart from being written out as NavigationLinks.
I'm quite new to the ASP.NET world in general and have spent a week or so getting my head around the way things work (particularly with the changes made to OData at the end of 2012 and further changes made so far in 2013).
I suspect that if the ODataEntityTypeSerializer was to be modified (I'm happy to try) to embed this extra information in the appropriate spot (within each navigation link as an nested inline feed as best I can tell) then I'd be set.
Questions:
Have I overlooked something obvious and there's a flag I can set to turn on this behaviour? I can see why, if such a flag exists, it would be off by default (EF lazy loading and this flag wouldn't get on well)
If #1 is no, is there some other ODataEntityTypeSerializer that I could use? If so, how do I switch to it?
If #2 is no, any pointers for where I should start writing my own? Is there a place I can substitute in my own serializer or do I have to maintain my own fork of ASP.NET's Extensions project (as opposed to the Runtime project)
Thanks very much!
$expand is very high on our list of things to support for OData. But as far as I know, we don't have any flag to turn it on server-side. The formatter doesn't currently allow you to substitute your own serializers either. So I'm afraid your only option in the meantime is to create a fork and add support for $expand. If you manage to get it working, please consider sending a pull request our way:
http://aspnetwebstack.codeplex.com/SourceControl/network
You can try it already in webapi nightly builds.
Here is how to install it with nuget:
http://aspnetwebstack.codeplex.com/wikipage?title=Use%20Nightly%20Builds
I am new to sonar,just heard about this tool.
Can we use this tool to perform code review for FMW(Fusion Middleware) -OSB(Oracle Service Bus)/BPEL project ?
If so can anyone give some inputs on this?
The official plugin-List : http://docs.codehaus.org/display/SONAR/Sonar+Plugin+Library/ does not mention support for your tools.
But sonar can be extended with custom plugins, so you may be able to write your own plugins to provide metrics for your tools.
What level of review you want to cover? It is really easy to make your own review tool for BPEL. All BPEL resources are XML files. For example if you want to check for naming convetion of BPEL activities, you can define a simple XPath based rule.
Ex:
//sequence/#name ~= "^sequence.*".
A Java program can use the above XPath to pull-out all sequence names from the xxxx.bpel file and compare it against a regular expression. Similar rules can be created for checking WSDL usage, partner links, end-point addresses, usage of Error handling etc.