Is there a way to apply a different quality profile based on the directory?
For context, my project has directories that contain legacy Java code which gets flagged for a lot of code smells (e.g. Java 7 generic type inference). I still want to scan these directories for bugs, security vulnerabilities, etc. but would like to disable scanning for code smells. I also still want to scan my non-legacy code for code smells so creating a quality profile for the project which omits code smells isn’t viable for me.
I’m running on SonarQube Developer version 9.3.0.51899.
This is a situation that seems custom-made for a Clean as You Code approach. In Clean as You Code, you apply the same rules and standards to all code, but only work at keeping errors out of the new code. If you do work in the legacy code, then you’ll naturally clean up that code as your work on it. Otherwise, you just pay attention to the Quality Gate, which is (by default) focused only on metrics “on New Code”.
Barring that, you’re going to need to do some real gymnastics, because it’s 1 profile per language per analysis. So your choices would be to run a separate analysis (with a different profile) for the legacy code, or set up a lot of exclusions.
I certainly believe in Clean as You Code and we’ve been working towards that but quite frankly we just want to reduce the amount of issue noise from the legacy code since it’s very rarely touched.
I ended up using the web api to automate the exclusions adding which ended up being quite painless. Thanks for pointing the exclusions out, I knew we could exclude files from the scan but didn’t realize we could exclude certain rules for given files.