Connected to SonarQube (and which version): Version 10.0 (build 68432)
And a thorough description of the problem / question:
We want to use code-first for our ruleset so that we can control it in a Pull Request.
The use case is that a developer wants to make a rule change (or makes one ‘by accident’) and commits it.
We want the new ruleset to include this change if the PR is merged.
Can we define a SonarRules xml so that both SonarLint and SonarQube use that ruleset?
Sorry, but that’s not available. The SonarQube rule set is controlled in SonarQube. The idea is that multiple projects will be using a shared Quality Profile, rather than one-per-project.
I understand, I do wonder how I should cover the following use case:
My team wants to review rules every sprint and see if they can turn on a rule to increase the security & quality.
When we turn it on, the quality will first go down before we can fix it, and the quality gate will fail.
We do not want to activate this rule on the main branch until we have fixed the errors/warnings it has generated and the quality gate succeeds again.
First, you can’t have different Quality Profiles for different branches. It’s one profile (per language) for the entire project, including all branches and PRs.
But you don’t need that.
When you add rules to a Quality Profile, the issues raised by those rules in the next analysis will be backdated. That means the vast majority of them won’t show up as issues on New Code. So if your Quality Gate focuses on New Code (as we recommend), then it’s not a problem to add new rules, because newly raised issues on old code won’t fail the Quality Gate.
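To make the backdating argument in the reply above concrete, here is a small Python model of it. This is an added illustration, not code from the thread or from SonarSource, and it is a deliberate simplification of SonarQube's behaviour: a newly activated rule's issues inherit the blame date of the offending line instead of the analysis date, and only issues whose effective date falls inside the New Code period count against the gate. The 14-day New Code period, the rule keys and all dates and paths are constructed for the example.

```python
"""Toy model of a Quality Gate on New Code when a rule is switched on.

Assumption of this example (not SonarQube's own implementation): an issue
raised by a rule that was just activated is backdated to the date the
offending line was last changed, so it lands in the period in which that
code was actually written rather than in today's New Code period.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Issue:
    rule: str           # rule key, e.g. "python:S1481" (illustrative)
    path: str
    line: int
    line_changed: date  # blame date of the offending line
    raised_on: date     # date of the analysis that first reported it


def effective_date(issue: Issue, newly_activated: set[str], backdate: bool = True) -> date:
    """Creation date the Quality Gate reasons about for this issue."""
    if backdate and issue.rule in newly_activated:
        return issue.line_changed      # backdated to when the code was written
    return issue.raised_on             # otherwise: the analysis that found it


def new_code_issues(issues: list[Issue], newly_activated: set[str],
                    new_code_since: date, backdate: bool = True) -> list[Issue]:
    """Issues that count as New Code, i.e. created on/after the period start."""
    return [i for i in issues
            if effective_date(i, newly_activated, backdate) >= new_code_since]


def quality_gate_passes(issues: list[Issue], newly_activated: set[str],
                        new_code_since: date, max_new_issues: int = 0,
                        backdate: bool = True) -> bool:
    """A minimal gate: fail when more than max_new_issues land on New Code."""
    return len(new_code_issues(issues, newly_activated, new_code_since, backdate)) <= max_new_issues


# --- constructed sample data -------------------------------------------------
ANALYSIS = date(2024, 6, 10)
NEW_CODE_SINCE = ANALYSIS - timedelta(days=14)   # assumed 14-day New Code period
NEWLY_ACTIVATED = {"python:S1481"}                # the rule the team just turned on

SAMPLE_ISSUES = [
    # new rule, old lines: found today, but the code dates from 2023
    Issue("python:S1481", "app/legacy.py", 12, date(2023, 1, 15), ANALYSIS),
    Issue("python:S1481", "app/legacy.py", 40, date(2023, 3, 2), ANALYSIS),
    # new rule, line touched during this sprint: genuinely New Code
    Issue("python:S1481", "app/api.py", 7, date(2024, 6, 3), ANALYSIS),
    # pre-existing rule on a line changed this sprint: New Code as usual
    Issue("python:S5445", "app/api.py", 21, date(2024, 6, 5), ANALYSIS),
    # pre-existing rule, reported a year ago: old issue, not New Code
    Issue("python:S5445", "app/legacy.py", 80, date(2023, 2, 1), date(2023, 2, 1)),
]


def new_rule_hits_on_old_code() -> int:
    """How many issues from the newly activated rule, on lines older than the
    New Code period, still count against the gate once backdating applies."""
    return sum(1 for i in new_code_issues(SAMPLE_ISSUES, NEWLY_ACTIVATED, NEW_CODE_SINCE)
               if i.rule in NEWLY_ACTIVATED and i.line_changed < NEW_CODE_SINCE)


if __name__ == "__main__":
    naive = new_code_issues(SAMPLE_ISSUES, NEWLY_ACTIVATED, NEW_CODE_SINCE, backdate=False)
    dated = new_code_issues(SAMPLE_ISSUES, NEWLY_ACTIVATED, NEW_CODE_SINCE)
    print(f"without backdating: {len(naive)} issues on New Code")
    print(f"with backdating:    {len(dated)} issues on New Code")
    for i in dated:
        print(f"  {i.path}:{i.line} {i.rule} (line changed {i.line_changed})")
```

Without backdating, both findings on the 2023 lines of `app/legacy.py` would count as New Code and fail a zero-tolerance gate; with backdating, only the two issues on lines actually changed in the sprint remain, which is exactly the set a team should be asked to fix before merging.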