SonarQube 8.4.1
What I’m trying to achieve: Use standard ways to mark code quality exceptions or false positives without repeating myself.
What I have tried so far: search the documentation.
Scanners sometimes produce false positives. Sometimes we just want to customise the linting rules.
A lot of you probably use (de facto) standard linters in addition to SonarQube - e.g. flake8 for Python, eslint for JavaScript, etc.
These standard linters have ways to configure their rules.
For instance, flake8 can read configuration from a file, which, by convention, is one of setup.cfg, tox.ini, or .flake8 (https://flake8.pycqa.org/en/latest/user/configuration.html#configuration-locations). flake8 also understands noqa comments in the Python source code files (https://flake8.pycqa.org/en/latest/user/violations.html#in-line-ignoring-errors and https://flake8.pycqa.org/en/latest/user/violations.html#ignoring-entire-files).
Similarly, eslint reads configuration from files such as .eslintrc, .eslintignore, and package.json. It also understands configuration comments (https://eslint.org/docs/user-guide/configuring).
Do scanners like SonarJS, sonar-python, sonar-dotnet, etc. generally understand the configurations of those standard linters, such that if I disable or configure a standard linting rule on a certain line of code, SonarQube won’t complain about it either?
Otherwise, I would have to mark these exclusions twice - once with the standard linter config, and another time via SonarQube web UI.