What exactly is the meaning of False-positive operation in sonar?

Tags: qa, sonarqube

When I encounter a violation in Sonar (in violation drilldown tab), in the source code view Sonar has some action like comment, assign, etc, one of those is False-positive, I want to know what exactly is the meaning of this operation, and when should I use it?

Saeed Zarinfam asked Sep 04 '12 07:09


People also ask

What is false positive in Sonar?

A false-positive is when an issue is raised unexpectedly on code that should not trigger an issue, or where the suggested action doesn't make any sense for the code.

How do you fix sonar issues?

Open - set by SonarQube on new issues. Confirmed - set manually to indicate that the issue is valid. Resolved - set manually to indicate that the next analysis should Close the issue. Reopened - set automatically by SonarQube when a Resolved issue hasn't actually been corrected.

How do you stop the problem in SonarQube?

For most languages, SonarQube supports the use of the generic mechanism: //NOSONAR at the end of the line of the issue. This will suppress all issues - now and in the future - that might be raised on the line.

What is a bug in SonarQube?

Bug – A coding error that will break your code and needs to be fixed immediately. Vulnerability – A point in your code that's open to attack. Code Smell – A maintainability issue that makes your code confusing and difficult to maintain.


2 Answers

Like any automatic tool, Sonar, and the rule engines it relies on (Findbugs/PMD/Checkstyle/...), can make "mistakes" while raising a violation: only a human can detect this, and you have the ability to flag this "mistake" as a false-positive to be sure that you won't spend time on it again.

Obviously, this feature must not be used to mute real violations. What's more, each time you flag a violation as false-positive, a good habit is to write a meaningful comment (and also report the issue on the user mailing list of the corresponding tool).

Fabrice - SonarSource Team answered Oct 25 '22 02:10


False-positive is when the software tells you there is a violation but you know better (like there is a reason, better than laziness, why the statement is poorly written), and this way you can mark the encounter as "Done The Right Way".

However, this functionality is sometimes used to get a "clean" report for the manager. That's the worst that could happen.

Generally speaking - you should not use it.

Artur Czajka answered Oct 25 '22 01:10
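Both answers come down to the same practice: a false-positive flag is a human judgment that should be backed by a meaningful comment, and flags without one are exactly the "clean report for the manager" abuse. As an added example, not code from the question or from either answer, the Python script below audits a project's FALSE-POSITIVE issues and lists the ones that carry no justifying comment, so a reviewer can find silenced findings that were never explained. It assumes SonarQube's Web API endpoint api/issues/search with the componentKeys, resolutions, p and ps parameters, a response whose issue objects include a comments list, and token authentication passed as the basic-auth user name; the sample payload, issue keys, file paths and the 20-character threshold are constructed for the example.

```python
"""Audit SonarQube issues resolved as FALSE-POSITIVE for a justifying comment.

Added example, not from the question or answers above. Assumptions:
- api/issues/search accepts componentKeys, resolutions, p and ps, and
  returns JSON with an "issues" list whose entries carry "key", "rule",
  "component", "line", "resolution" and a "comments" list.
- The sample payload below is constructed, not captured from a server.
"""
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample in the shape of an api/issues/search response.
# Rule keys follow the java: repository naming; the pairing with these
# (constructed) files and issue keys is invented for the example.
SAMPLE_RESPONSE = {
    "total": 3,
    "issues": [
        {
            "key": "AY-example-0001",
            "rule": "java:S1172",
            "component": "demo:src/main/java/demo/Handler.java",
            "line": 42,
            "status": "RESOLVED",
            "resolution": "FALSE-POSITIVE",
            "comments": [
                {"login": "alice",
                 "markdown": "Parameter required by the listener interface; "
                             "the rule cannot see the caller."}
            ],
        },
        {
            "key": "AY-example-0002",
            "rule": "java:S2068",
            "component": "demo:src/main/java/demo/Config.java",
            "line": 17,
            "status": "RESOLVED",
            "resolution": "FALSE-POSITIVE",
            "comments": [],  # flagged with no justification at all
        },
        {
            "key": "AY-example-0003",
            "rule": "java:S1481",
            "component": "demo:src/main/java/demo/Util.java",
            "line": 8,
            "status": "RESOLVED",
            "resolution": "FALSE-POSITIVE",
            "comments": [{"login": "bob", "markdown": "fp"}],  # explains nothing
        },
    ],
}

MIN_COMMENT_CHARS = 20  # constructed threshold for "meaningful"; tune to taste


def is_justified(issue, min_chars=MIN_COMMENT_CHARS):
    """True when at least one comment is long enough to count as a reason."""
    for comment in issue.get("comments", []):
        text = (comment.get("markdown") or comment.get("htmlText") or "").strip()
        if len(text) >= min_chars:
            return True
    return False


def undocumented_false_positives(response, min_chars=MIN_COMMENT_CHARS):
    """Return the FALSE-POSITIVE issues that carry no meaningful comment.

    Issues with any other resolution are skipped, so the function is also
    safe on a broader query than resolutions=FALSE-POSITIVE."""
    return [
        issue for issue in response.get("issues", [])
        if issue.get("resolution") == "FALSE-POSITIVE"
        and not is_justified(issue, min_chars)
    ]


def fetch_false_positives(base_url, project_key, token, page_size=500):
    """Pull every FALSE-POSITIVE issue for a project, following pagination.

    The token is sent as the basic-auth user name with an empty password.
    Not exercised offline; included so the audit can run against a server."""
    issues, page = [], 1
    while True:
        query = urllib.parse.urlencode({"componentKeys": project_key,
                                        "resolutions": "FALSE-POSITIVE",
                                        "ps": page_size, "p": page})
        req = urllib.request.Request(f"{base_url}/api/issues/search?{query}")
        cred = base64.b64encode(f"{token}:".encode()).decode()
        req.add_header("Authorization", f"Basic {cred}")
        with urllib.request.urlopen(req) as resp:
            body = json.load(resp)
        issues.extend(body.get("issues", []))
        if page * page_size >= body.get("total", 0):
            return {"total": body.get("total", 0), "issues": issues}
        page += 1


def report(response):
    """One line per undocumented false positive: key, rule, file:line."""
    return [f"{i['key']} {i['rule']} {i['component']}:{i.get('line', '?')}"
            for i in undocumented_false_positives(response)]


if __name__ == "__main__":
    for line in report(SAMPLE_RESPONSE):
        print("undocumented false positive:", line)
```

Run against a real instance by replacing SAMPLE_RESPONSE with the result of fetch_false_positives(base_url, project_key, token); the length threshold is deliberately crude, the point is to surface flags with no explanation at all, not to grade the explanations.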