What I’m trying to achieve: Use standard ways to mark code quality exceptions or false positives without repeating myself.
What I have tried so far: search the documentation.
Scanners sometimes produce false positives. Sometimes we just want to customise the linting rules.
These standard linters have ways to configure their rules.
For instance, flake8 can read configuration from a file, which, by convention, is one of
.flake8 (https://flake8.pycqa.org/en/latest/user/configuration.html#configuration-locations). flake8 also understands
noqa comments in the Python source code files (https://flake8.pycqa.org/en/latest/user/violations.html#in-line-ignoring-errors and https://flake8.pycqa.org/en/latest/user/violations.html#ignoring-entire-files).
Similarly, eslint reads configuration from files such as
package.json. It also understands configuration comments (https://eslint.org/docs/user-guide/configuring).
Do scanners like SonarJS, sonar-python, sonar-dotnet, etc generally understand the configurations of those standard linters? Such that if I disable or configure a standard linting rule on a certain line of code, SonarQube won’t complain about it either?
Otherwise, I would have to mark these exclusions twice - once with the standard linter config, and another time via SonarQube web UI.