which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
Developer edition(-8.4.2.36762),Enterprise edition(8.5.0.37579)
what are you trying to achieve
what have you tried so far to achieve this
Analysis of same project in Developer edition and Enterprise edition giving different results.
Number of bugs,vulnerabilities and codesmells got reduced in Enterprise edition.
Can anyone please explain what made this difference?
Enterprise Edition doesn’t take anything away, it only adds features. If you’re seeing fewer issues, then this is going to be a question of configuration:
Hi Ann,
Yes i am analyzing same source with same exclusions.
I did not add any new profiles, used existing quality profiles(Sonarway) in both editions.
As per my understanding, Some of the bugs in Developer edition are marked as Code Smells in Enterprise edition.
So as a result i got reduced number in bugs and increased number in code smells in Enterprise edition when compared to Developer edition
for example the below rule in C,
“The three expressions of a “for” statement should only be concerned with loop control”
is a Bug in Developer edition and a Code Smell in Enterprise edition.
Okay! Now I think I understand. I guess you have the same total number of issues, but some are classified differently.
What you’re seeing is an artifact of the evolution of our thinking/understanding on these rules. Some rules start life as one type (e.g. Bug) but then get reconsidered and reclassified (Code Smell). The issues that were raised when the rule was a Bug rule were raised as Bugs. Issues raised after the change are raised as Code Smells. The old Bug issues don’t (currently! - there’s been internal discussion about this lately) get reclassified with the rule. Why not? Because suddenly “upgrading” old Code Smells to Bugs or vice versa could have significant impacts on folks Quality Gate statuses and so far we’ve always chickened out of that.
This shouldn’t be the case if both instances are the same version & running the same versions of the analyzer. But yes, since this sort of thing can change from version to version if the details don’t line up correctly then you could see this sort of difference.