I am currently using sonarqube version 6.0 and want to switch to sonarqube version 8.6 but want to keep rule apply of sonarqube version 6.0.
I don’t want to get increment of bug count because of new rules.when projects are stable but want to use sonarqube for new technologies like typescript, drupal, kotlin.
Hi @rajnish.sharma ,
It’s a very good idea to upgrade your version to use the 8.6 (or even 8.7 when it’s released) of SonarQube you will benefit from much more than “only” new rules, but also new languages covered, new features, new project homepage to focus more on the New Code, and apply the CAYC (Clean As You Code) philosophy behind our products.
In SonarQube, you can choose the rules set that you apply to your project, by defining your Quality Profiles. So you can activate here and deactivate the rules that are relevant for your organisation.
That being said, you should not be worried about adding new rules to your server and your analysis, and discover new “issues” :
- these issues already are in your code, it’s only that the previous analysis in 6.0 missed them, because the rules didn’t exist at that time (which is a long time ago…)
- you should focus on the New Code → If you set up your New Code period correctly, even if your technical debt increases because you find new issues, the New Code should still be clean and safe, and your developers should focus on this part.
- it’s always good to know when a security vulnerability is hidden in your code, even if a 6.0 SQ version didn’t catch it before → it’s always time to fix it now
And to add on top of this, languages analysers versions are now bound to SonarQube version (since 8.5).
as addtion to @Carine_Bayon Carine’s response if you run custom rules.
Implemented some custom Java rules based on Sonarqube api 5.6 in 2016.
This rules still work with Sonarqube 7.9 LTS, but they don’t work anymore with Sonarqube 8,
as Sonar scanner switched to ECJ Eclipse Java Compiler.
Maybe you have to update your custom rules if any.
see sonar-java/CUSTOM_RULES_101.md at master · SonarSource/sonar-java · GitHub