Change issue type of old issues

sonarqube

(Günter Wirth) #1

Hi,

we have the problem that the type of an issue was changing (from Vulnerability => Bug). We like to adapt the type also in already existing issues now (in new/changed code it is working). I know that it is a feature to keep the type and severity in already existing issues.

Is there a way to adapt the type? I like to use the new settings of my current quality profile also in old code.

Regards,
Günter


(G Ann Campbell) #2

Hi Guenter,

You can manually bulk change the type of those issues. Unfortunately there’s nothing automated to catch old issues up to this type of change.

 
Ann


(Günter Wirth) #3

Hi Ann,

thanks for your answer.

It’s very cumbersome to use the UI because there is this limitation of 250 issues per bulk change. Think for such cases there should be some kind of “reset” possible. I tried to assign a new quality profile, but also with a new quality profile it keeps the old values from the old profile. Hard to say if this is a bug or a feature? For SCM there is this sonar.scm.forceReloadAll, think there should be something similar here?

Regards,
Günter


(G Ann Campbell) #4

Hi,

We consider it a feature not to churn your issues when we update our thinking on a rule. The idea is that if you have a Quality Gate condition on Bugs > 0, and we change a rule type from Code Smell to bug, we don’t what to fail your QG for you just because you upgraded your analyzer.

 
Ann


(Günter Wirth) #5

Hi,

totally agree if someone is using same Quality Profile. In case you are assigning a new Quality Profile I would expect that new values of new Quality Profile for the whole code base is used?

In your sample “Code Smell => Bug” it also depends. In case the team agrees that this issue is a bug (maybe critical) it has to be fixed also in legacy code.

See several solutions:

  • assignment of new Quality Profile reset values
  • explicit setting to reset values
  • better UI support (> 250)

Regards,
Günter


(G Ann Campbell) #6

Hi Guenter,

FYI, a profile is just a collection of rules. At the point where issues are being raised, the analyzer doesn’t know which collection a rule came from, only that it’s on. So it’s not feasible to detect that the issue came from a different profile.

 
Ann