we have the problem that the type of an issue was changing (from Vulnerability => Bug). We like to adapt the type also in already existing issues now (in new/changed code it is working). I know that it is a feature to keep the type and severity in already existing issues.
Is there a way to adapt the type? I like to use the new settings of my current quality profile also in old code.
It’s very cumbersome to use the UI because there is this limitation of 250 issues per bulk change. Think for such cases there should be some kind of “reset” possible. I tried to assign a new quality profile, but also with a new quality profile it keeps the old values from the old profile. Hard to say if this is a bug or a feature? For SCM there is this sonar.scm.forceReloadAll, think there should be something similar here?
We consider it a feature not to churn your issues when we update our thinking on a rule. The idea is that if you have a Quality Gate condition on Bugs > 0, and we change a rule type from Code Smell to bug, we don’t what to fail your QG for you just because you upgraded your analyzer.
totally agree if someone is using same Quality Profile. In case you are assigning a new Quality Profile I would expect that new values of new Quality Profile for the whole code base is used?
In your sample “Code Smell => Bug” it also depends. In case the team agrees that this issue is a bug (maybe critical) it has to be fixed also in legacy code.
FYI, a profile is just a collection of rules. At the point where issues are being raised, the analyzer doesn’t know which collection a rule came from, only that it’s on. So it’s not feasible to detect that the issue came from a different profile.