Hello!
I would like to know if there is any way to disable the use of NOSONAR globally in our projects instead of working with the rules that detect the use of it.
Thank you!
Welcome
this still stands
In fact, as Sonarqube admin you need to activate two rules.
java:NoSonar ‘Track uses of “NOSONAR” comments’
to prevent the use of //NOSONAR for hiding issues
call https://$yoursonarhost/coding_rules?open=java%3ANoSonar&rule_key=java%3ANoSonar
for activation
[java_nosonar]
java:S1309 ‘Track uses of “@SuppressWarnings” annotations’
with an appropriate whitelist to prevent some clever developers
using @SuppressWarnings("all") in all their classes
see documentation => Java
call https:/…
beside there’s also the use of sonar.exclusions as scanner property, think of sonar.exclusions=**/*.*
You’ve raised a very important point, but it seems we’re on our own, see this thread
Guess we will need to diff their sonar.exclusions with the sonar.exclusions configured at
Sonarqube server and break the build if there is more excluded.
Still considering how to implement that for Maven pipelines using the sonar:sonar goal , any ideas !?
Will use api/settings/values?keys=sonar.global.exclusions and compare it with the given
property sonar.exclusions from the pom.
The tricky part is, wh…
Gilbert
All right, we’ll use this, thank you very much for the answer Gilbert.
