Thanks for the post. You’re completely correct, New Code ratings are not displayed for Applications. We have a ticket in our backlog to correct this (note that the headline is for maintainability metrics, but it’s noted in the comments that we’re also missing Security and Reliability ratings on New Code).
Thanks @Cameron for letting me know this is a bug. In the meantime, is there any workaround/anywhere else in the UI where these values can be seen? I don’t see it on the measures tab and since the bug refers to values not being calculated I’m guessing this isn’t just a UI display issue.
Unfortunately they’re simply not calculated from the underlying data, so there’s nowhere I can point you to (except to the project level which you’ve already discovered).
@Cameron is there a bigger implication here that my new code application quality gate will not be shown as failing if one of the ratings is failing? I wonder this because of the following… Here’s the new code overview for a project in one of my applications:
Notice the quality gate for that project is failing, but it only mentions the code coverage as the reason. Shouldn’t it be showing that Reliability and Vulnerability are also failing for this project at the project and the application level?
Perfectly reasonable question. The Quality Gate for the Application is the union of the statuses of the Quality Gates for the underlying projects. So you can see in your example that the QG for the Application is failing because Coverage on New Code is 18.62% (the value for the project) not 46.2% (the value for the Application). So (fortunately) there are no Quality Gate implications here.
That depends on your QG at the Project level. A Reliability rating of E on New Code would fail the “out-of-the-box” QG at the project level; it’s worth checking your project’s QG to see what criteria you’re using.
@Cameron I made some changes to investigate this more specifically. First, here’s the quality gate that is applied to the project. Notice that the only override from the default Sonar way is for code coverage to be better than 10%. There is no override for any of the ratings.
Next, here’s the project overview result that is passing. I would have expected this to be failing due to the reliability rating being “E” so maybe I am doing something incorrect that is resulting in this passing here.
And finally, if that project isn’t failing the quality gate, I suppose I shouldn’t expect the application that contains it to be failing because of this project (it is failing due to other project status, not because of this project I showed above):
@Cameron I think I understand my error here… my quality gate overrides the Sonar way default completely and I did not specify anything for the ratings. I thought it was more of an inheritance relationship where my quality gate overrides only the criteria I specified. So, I need to specify the rest of the criteria to match what is in the Sonar way default in my quality gate.
You’re completely right: there is no inheritance mechanism for Quality Gates. If you specify just a single condition in your Quality Gate, SonarQube will only evaluate that condition.
Absolutely correct! (Or copy the Sonar Way gate and adjust)
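The following is an added example, not part of the original thread or SonarQube's own code: a check for the gap discussed above, where a custom gate that sets only a coverage condition silently drops the rating conditions. The condition lists and measures are constructed sample data (a stand-in for the default gate, the 10% coverage override, and a project with reliability rating E, with ratings encoded as 1 = A to 5 = E), and the function names are hypothetical.

```python
# Constructed stand-in for the default gate's New Code conditions (assumption).
REFERENCE_GATE = [
    {"metric": "new_reliability_rating", "op": "GT", "error": 1},
    {"metric": "new_security_rating", "op": "GT", "error": 1},
    {"metric": "new_maintainability_rating", "op": "GT", "error": 1},
    {"metric": "new_coverage", "op": "LT", "error": 80},
    {"metric": "new_duplicated_lines_density", "op": "GT", "error": 3},
]
# Custom gate as described in the thread: only a coverage condition at 10%.
CUSTOM_GATE = [{"metric": "new_coverage", "op": "LT", "error": 10}]
# Constructed project measures: reliability rating E (5), coverage 18.62%.
MEASURES = {
    "new_reliability_rating": 5, "new_security_rating": 1,
    "new_maintainability_rating": 1, "new_coverage": 18.62,
    "new_duplicated_lines_density": 0.0,
}

def failing(gate, measures):
    """Return the metrics whose condition is violated under this gate."""
    failed = []
    for cond in gate:
        value = measures.get(cond["metric"])
        if value is None:
            continue  # no measure available: the condition cannot be evaluated
        if cond["op"] == "GT" and value > cond["error"]:
            failed.append(cond["metric"])
        elif cond["op"] == "LT" and value < cond["error"]:
            failed.append(cond["metric"])
    return sorted(failed)

def coverage_gaps(reference, custom):
    """Return (missing, weakened): conditions dropped or loosened by custom."""
    ref = {c["metric"]: c for c in reference}
    cus = {c["metric"]: c for c in custom}
    missing = sorted(set(ref) - set(cus))
    weakened = []
    for metric in sorted(set(ref) & set(cus)):
        r, c = ref[metric], cus[metric]
        if r["op"] != c["op"]:
            continue  # different operators are not comparable here
        # GT: a higher threshold is looser; LT: a lower threshold is looser.
        looser = c["error"] > r["error"] if r["op"] == "GT" else c["error"] < r["error"]
        if looser:
            weakened.append(metric)
    return missing, weakened

if __name__ == "__main__":
    print("custom gate failures:   ", failing(CUSTOM_GATE, MEASURES))
    print("reference gate failures:", failing(REFERENCE_GATE, MEASURES))
    print("missing / weakened:     ", coverage_gaps(REFERENCE_GATE, CUSTOM_GATE))
```
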
No target version at this stage. I hope it will get into the 8.x LTS, but there’s a lot of other work to happen there too, so I can’t guarantee it.
@Cameron we have updated to Version 8.6.1 (build 40680) but this problem is not fixed. Also the bug you linked above that is now closed is not the issue I reported.
The issue is that none of the letter grades are reported on the new code tab for an application. Is there a bug tracked for this? For example:
The ticket I referenced started life as a call for the Maintainability metrics (including the rating/letter grade) to be calculated for new code. It evolved when we clarified that we are missing all ratings for new code, and was closed when our team assessed that we couldn’t tackle it in its current form.
I think it’s pretty unlikely that this will make it into the 8.x LTS release.
@Cameron isn’t this basic functionality that’s missing/broken and is a legitimate bug? How can I have a ticket created that is focused on this specific issue so that I can follow it?
It’s missing but in fact it was never implemented (for as long as Applications have existed) so our team is considering it an enhancement rather than a bug.
I’m interested to understand why you need these ratings at the Application level. They don’t impact the Quality Gate since that’s calculated from the underlying projects. What do you plan to use the information for?
The obvious answer is just that the entire SonarWay recommends focusing on new code and not being overly concerned with the past. So why provide this capability on overall code but not new code?
But anyway, here’s a specific use case… I have applications comprised of 100+ projects. Let’s say 50 of the projects are failing their respective quality gates. I now have a long banner down the left showing all the various projects’ new code quality gate failures across all the different static analysis categories. Somewhere mixed in there are reliability quality gate failures with B’s, C’s, D’s, and E’s. How do I quickly learn what my new code reliability rating is? I guess I need to scroll down and take notes on each project that is failing to determine what the worst rating is for reliability. Rinse and repeat for the other categories. That letter grade should be right there on the overview.
Next, clicking on a letter grade on new code should take me directly to the measures tab with that static analysis grade for that category selected, summarizing for me all the projects that have contributed to this failing letter grade (as is the case for overall code overview tab).
Which brings me to the crux of what I think the bug is… If you look at measures, there is a letter grade for new code Security Review, but nothing else. That inconsistency seems like a bug to me, preferably with the fix being for all categories to show the letter grade on the measures tab for new code. Do you agree? If you agree that’s a bug, fixing it certainly at least gives me a way to do what I suggest above, but additionally once it is fixed for the measures tab, why not show it on the new code overview, if for no other reason than consistency in the UI.
I’m going to raise this internally; no guarantee that a ticket will come out of it, but it warrants some additional discussion with our development team.
Just letting you know that this has been recorded in our product management tool (in your exact words) so it’s there for our Product Management team as they’re building the 9.x roadmap.