Must-share information (formatted with Markdown):
which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
Java Code Quality and Security 5.14 (build 18788)
what are you trying to achieve
Compare a quality profile to Sonar way (defaults by Sonarqube)
what have you tried so far to achieve this
I have to compare the default Sonar way to a quality profile created a while ago by someone. The problem is that I’m not 100% familiar with all the rules. Very confusing is that the quality profile Sonar way has about 498 rules defined, while in “Rules” for Java I’ve got >1.9k rules. What’s the deal? Is it because other profiles may have other rules defined and the profiles only represent a bunch of rules from the pool of 1.9k?
A task I’ve got from our security guys is to take a look at whether the official Oracle Java Security Guidelines are implemented as well into “Sonar way” or any other defined profile.
Can you please advise? I hope my question is somehow understandable.