How does a developer (or, for that matter, any authorized user) ignore a specific coding rule violation when Sonar throws it? Say a rule "Does not follow file naming convention" pops up; is there a way I can declare it a false positive and click on some button which ensures that further instances of that coding rule violation are not displayed?
If this is not possible, is there a document which explains how SonarQube applies rules to the code, so that I can manipulate the way it works to permanently dismiss a false positive? Thanks!
This question may be an extension of the question below:
In Sonar, how to prevent checking some rules in some packages?
Follow the steps below to disable any rule in SonarQube:
1. Log in as admin.
2. Go to Quality Profiles and select the Java/PHP profile (whichever is appropriate for you).
3. Enter the rule as the key and search.
4. Uncheck the box, which will deactivate the rule.
To be clear, the standard for most rules implemented in SonarQube language plugins is very strict: no false positives. For normal rules, you should be able to be confident that whatever is reported to you as an issue really is an issue. But for security-related rules, the story is a little different.
The SonarQube Quality Model divides rules into four categories: Bugs, Vulnerabilities, Security Hotspots, and Code Smells. Rules are assigned to categories based on the answers to these questions: Is the rule about code that is demonstrably wrong, or more likely wrong than not? If the answer is "yes", then it's a Bug rule.
There are 2 points in your question:
1. You detect that a rule has generated a false positive issue on your code?
   - You can flag this issue as "false positive" in the Web UI; it will then be ignored in the next analyses.
   - If this is a real false positive, then it is even a good idea to come on the SonarQube user mailing list to discuss this, so that we can create a JIRA ticket to fix this.
2. You find that a rule always generates issues that are not relevant in your context?
   - Those issues are not false positives at all; they are just irrelevant on your project.
   - To fix this, you just have to deactivate the rule in the quality profile that is used for your project.
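The two actions in the answer above (resolving one issue as a false positive, and deactivating a rule in a quality profile) can also be scripted against the SonarQube Web API instead of clicked through in the Web UI. The script below is an added example, not code from the question, the answers or SonarQube itself. It assumes the documented endpoints `api/issues/do_transition` (parameters `issue`, `transition`) and `api/qualityprofiles/deactivate_rule` (parameters `key`, `rule`, the names used since SonarQube 6.5) and a user token passed as the HTTP basic-auth username; `SONAR_URL`, `SONAR_TOKEN`, `SONAR_DRY_RUN` and all issue, profile and rule keys are placeholders you substitute from your own instance.

```shell
#!/bin/sh
# Added example: drive the two remediation actions from the answer through the
# SonarQube Web API. Endpoints and parameter names are the documented ones
# (assumed valid for SonarQube 6.5+); SONAR_URL/SONAR_TOKEN are assumptions.
# By default nothing is sent (dry run); export SONAR_DRY_RUN=0 to really POST.

: "${SONAR_URL:=https://sonar.example.invalid}"   # placeholder server URL
: "${SONAR_TOKEN:=}"                               # user token, kept out of the script
: "${SONAR_DRY_RUN:=1}"                            # 1 = print the request, 0 = send it

# sonar_post PATH KEY=VALUE... : POST a form-encoded request to the Web API.
# In dry-run mode the request is printed instead, which is also what the
# caller can check before pointing the script at a real server.
sonar_post() {
  path=$1; shift
  if [ "$SONAR_DRY_RUN" = "1" ]; then
    printf 'POST %s/%s' "$SONAR_URL" "$path"
    for kv in "$@"; do printf ' %s' "$kv"; done
    printf '\n'
    return 0
  fi
  # Rebuild "$@" as "--data-urlencode KEY=VALUE" pairs for curl.
  n=$#; i=0
  while [ "$i" -lt "$n" ]; do
    kv=$1; shift
    set -- "$@" --data-urlencode "$kv"
    i=$((i + 1))
  done
  # Token goes in the basic-auth username with an empty password.
  curl -sS -f -u "$SONAR_TOKEN:" -X POST "$@" "$SONAR_URL/$path"
}

# mark_false_positive ISSUE_KEY : resolve one issue as a false positive, so it
# is ignored in subsequent analyses (same transition the Web UI button applies).
mark_false_positive() {
  if [ -z "$1" ]; then
    echo "usage: mark_false_positive ISSUE_KEY" >&2
    return 2
  fi
  sonar_post api/issues/do_transition "issue=$1" "transition=falsepositive"
}

# deactivate_rule PROFILE_KEY RULE_KEY : switch a rule off in a quality profile,
# for rules whose issues are simply irrelevant on the project.
deactivate_rule() {
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo "usage: deactivate_rule PROFILE_KEY RULE_KEY" >&2
    return 2
  fi
  sonar_post api/qualityprofiles/deactivate_rule "key=$1" "rule=$2"
}

# Demonstration with constructed placeholder keys (dry run by default).
mark_false_positive ISSUE_KEY_PLACEHOLDER
deactivate_rule PROFILE_KEY_PLACEHOLDER REPO:RULE_KEY_PLACEHOLDER
```

Run it once in the default dry-run mode to see the exact requests, then `export SONAR_DRY_RUN=0` with a real `SONAR_URL` and `SONAR_TOKEN` to apply them. Both calls need the same permissions the Web UI requires (Administer Issues on the project for the transition, Administer Quality Profiles for the deactivation), so a token from an unprivileged user will be rejected by the server.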