
Finding rules with 0 instances in sonar?

Tags:

sonarqube

TL;DR: Basically what I am looking for is a way to get a list of all sonar rules that have 0 issues raised. I could then move all of those to blockers and protect myself from someone adding that issue in the future.

My company is using sonar and static analysis to help guide refactoring and development of a sizable legacy codebase (~750K LOC). We have had a lot of success by lowering the severity of most rules and then choosing a smaller set of rules to promote up to blocker or critical as we find real issues in the code. This has kept the number of issues we are trying to address at a time manageable so we can actually feel like we are making progress and not drown in the noise of legacy issues.

In particular, when we have been bitten by a field or QA issue that sonar could have detected, we turn that issue up to a BLOCKER and fix every instance of it. These blockers break the build and we are now assured that we won't add a new instance of the same issue again. This has worked great and has kept a number of what would be nasty bugs from slipping through.

The big problem with that methodology is we need to have an example of every one of those classes of mistake at least once in the codebase so we could learn that it was important and should be made a blocker. Any issues we haven't already encountered will still be at their default level; I'd like to move all of them up to BLOCKER now so we notice the day they are added.

Edit: Currently we are using 3.7.3 but we are about to upgrade to 5.X.

Sam Hendley asked Apr 13 '15 22:04



1 Answer

There are 2 ways to do this:

1- The difficult way is to query the SonarQube database. You have to understand the tables and write a SQL query based on which DB is used for your SonarQube. You can find some reference here - OR here

2- I have never tried your method but it should work. You can use Sonar Web Service API. You also have a Web Service Java Client. Reference: link1, link2, link3

Tejus Prasad answered Oct 21 '22 04:10
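
The Web Service API route from option 2, as an added example that is not part of the original answer: it collects every rule key from `api/rules/search` and keeps those for which `api/issues/search` reports zero unresolved issues. It assumes the response fields of a 5.x-era server (`rules`, `total`, `paging.total`) and anonymous read access; `http_fetch`, `fake_fetch` and the sample rule keys are constructed for illustration so the block runs offline.

```python
import json
import urllib.parse
import urllib.request

def http_fetch(base_url):
    """Return a fetch(path, params) callable that GETs JSON from a SonarQube server."""
    def fetch(path, params):
        url = f"{base_url.rstrip('/')}/{path}?{urllib.parse.urlencode(params)}"
        with urllib.request.urlopen(url, timeout=30) as resp:
            return json.load(resp)
    return fetch

def all_rule_keys(fetch, page_size=500):
    """Page through api/rules/search and collect every rule key."""
    keys, page = [], 1
    while True:
        data = fetch("api/rules/search", {"p": page, "ps": page_size})
        keys += [r["key"] for r in data["rules"]]
        if page * page_size >= data["total"] or not data["rules"]:
            return keys
        page += 1

def issue_count(fetch, rule_key):
    """Unresolved issues for one rule; ps=1 because only the total is needed."""
    data = fetch("api/issues/search", {"rules": rule_key, "resolved": "false", "ps": 1})
    total = data.get("total")
    if total is None:
        total = data["paging"]["total"]  # fail loudly rather than assume zero
    return total

def zero_issue_rules(fetch):
    """Rule keys that currently raise no issues: candidates for BLOCKER."""
    return sorted(k for k in all_rule_keys(fetch) if issue_count(fetch, k) == 0)

def fake_fetch(path, params):
    """Constructed sample responses standing in for a server (offline run)."""
    rules = ["squid:S106", "squid:S1166", "squid:S2095"]
    issues = {"squid:S106": 42, "squid:S1166": 0, "squid:S2095": 0}
    if path == "api/rules/search":
        start = (params["p"] - 1) * params["ps"]
        return {"total": len(rules), "rules": [{"key": k} for k in rules[start:start + params["ps"]]]}
    return {"paging": {"total": issues[params["rules"]]}}

if __name__ == "__main__":
    print(zero_issue_rules(fake_fetch))
```

Against a real instance, pass `http_fetch("<your SonarQube base URL>")` instead of `fake_fetch`, and check the field names against that server's own Web API documentation before changing any severities.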