Is there a way to configure the analysis scope for individual issue categories? I want to completely disable code smell analysis, but keep security analysis. A not so viable workaround would be to create a separate quality profile, but it seems like that would add a maintenance cost to sync it with the built-in Sonar profile.
We use ESLint for all of our static analysis needs, but want to keep Sonar’s security scanning.
Hey Andrei.
Adjusting the Quality Profile assigned to your project is the tried and true (and built-in) method to define the rules you want to apply to your project. Anything else would be a painful workaround as new rules are regularly being added to the default Quality Profile, and it’s not possible to exclude an entire rule type.
Can you discuss a bit more why you want to turn off Code Smells completely? Are they irrelevant? Duplicating issues already raised by ESLint?
Hey Colin, thanks for the quick reply.
Adjusting the Quality Profile assigned to your project is the tried and true (and built-in) method to define the rules you want to apply to your project. Anything else would be a painful workaround […]
Could you please elaborate on this? I can’t seem to adjust the built-in profile, so I’m forced to make a copy, which comes with the problem you also mentioned about not inheriting new rules.
Can you discuss a bit more why you want to turn off Code Smells completely? Are they irrelevant? Duplicating issues already raised by ESLint?
Yes, they are either duplicating our ESLint rules or are not relevant for us. We want to have ESLint as the source of truth for assessing code quality, including security, but want to use Sonar as a dashboard to monitor only security issues across the entire company.
This does mean creating a copy, removing the Code Smell rules, and needing to regularly compare with the built-in profile to keep up-to-date.
You could also consider extending the Quality Profile and setting all Code Smells to INFO severity.
We really consider that we add value on top of existing ESLint rules (and we support importing ESLint reports as well).
You might also be interested in commenting/voting on this feature request:
https://community.sonarsource.com/t/deactivate-on-extended-profiles/54878