Export and Import of Rules

Which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
Sonarqube 7.9.2 * Enterprise Edition
scanner version 4.3.0.2102
DB: Postgres v10.x (AWS RDS)

What are you trying to achieve
We recently upgraded to v7.9.2. Over the past years, several dev teams have added and updated rules and the rules are in a bit of a mess currently. Our developers nor the Security Team are happy with the current rules on the server. After a few meetings, its has been decided that we are going to start from scratch; in other words, put all the rules that come with v7.9.2 and then the devs and Security Team will work together to add/update on top of the default rules from v7.9.2. I have been tasked with putting the v7.9.2 default rules on the server. I would appreciate if you will be able to offer some advice as to how I can achieve this please. Here are some questions I have:

  1. Can I download all the rules that come with v7.9.2 without having export from a new install?
  2. If need to export, can I export the entire rules set in one go rather than doing per language using /api/rules/search?languages=?
  3. If I import all rules via “Restore” function on /profiles page will that wipe out all the existing on the server and install the ones in the export file?
  4. Can this be done via database table dump and restore? If so where can I find the docs please?

What have you tried so far to achieve this
I looked at post here: https://stackoverflow.com/questions/40885210/how-to-extract-or-export-rules-from-sonarqube
We have over 300 projects with over 15 programming languages, so I am looking for an efficient way to do this task without having to do too many mundane / manual tasks. Ideally I am looking to export all the v7.9.2 rules in one go and then restore on to the server in one shot; similar to how you would do a DB dump and restore.

Thank you.

1 Like

Hi,

Welcome to the community!

There’s no need to import/export. Just look at the BUILT-IN Sonar way profiles. These are the default rule sets. Now you just need to create your new profile. we’ll call it “Unified”, and copy the Sonar way rules into it. The docs will help with that.

 
HTH,
Ann

@ganncamp, thanks so much for the reply.

The problem we have is that the default rules that come with the v7.9.2 version has been modified by the dev teams so they are not the same as whatever the rules the server came with. So we would like to re-instate all the rules in Sonar way profiles to match the original ones. We can then do what you said: create our custom profile by copying the Sonar way profile into it along whatever rules our devs and Security teams decide to go with.
So I am looking for a quick and easy way to put all the original rules back for about 15 programming languages; preferably I can do this as one whole export and import.

Thanks.

Hi,

The built-in profiles aren’t editable, so your devs can’t have messed them up.

 
:smiley:
Ann

@ganncamp, this is great news, this cuts down my work by a big factor. Thanks.

The only reason I mentioned is that we had 2 nodes with v7.9.2 and when I compared the Sonarway rules for say! Java, one said 394 and the other 399. So I thought that the Built-in Sonarway rules can be edited.

As you said yesterday, Say! I customize rules by creating a new profile, we’ll call it “Unified”, and copy the Sonar way rules into it and then add some our own rules in there too. Say I did all this work on our staging server, can I then easily export the Unified profile from Staging server and then import it into our production server? Also, can we easily back up our rules / profiles should something go wrong?

Hi,

There are limitations around customizations here. Specifically, I don’t think Extended Descriptions get included, and I don’t think rules created from rule templates are included either. Other than that, it should work.

With the above caveats, yes. However, simply backing up your database should more than cover this.

 
HTH,
Ann

@ganncamp, thanks again. You’ve been a great help, really appreciate it. It saves so much time (especially when you have tight deadlines) getting this knowledge from the SMEs rather than researching on web.

1 Like