Hello SonarQube team,
I had to notice with the update that exporters are deprecated.
We use this great feature very often and export the Checkstyle, Findbugs, PMD Rules to keep the security of our software always high. With exporters, it is possible for the whole team to access the configured rules in SonarQube as a single source via Maven/Gradle.
What are your alternatives so that no function is dropped?
Hi,
It’s not clear to me what you mean by “exporters”. Could you provide a path through the UI or perhaps a screenshot to make it explicit?
Thx,
Ann
Hi,
Thanks for the screenshot. I guess these only show up if you’ve got one or more of those plugins loaded, which the instance I was looking at didn’t.
Unfortunately, I can’t answer the question. So let’s wait for the full-time PMs to show up.
Ann
Hi,
we use the Checkstyle Exporter and just came across the same question.
Are there any news how these deprecated Exporters will be replaced?
Thanks!
Regards,
Carsten
Hello,
As of now, there is no plan to provide a feature to replace Exporters.
If I understand correctly, you used this feature to make sure all developers use the same active rules when they run Checkstyle, PMD, and Findbugs locally on their machines.
I can understand why you are still using Checkstyle, but why do you continue to rely on PMD and Findbugs while Sonar provides out-of-the-box rules that cover what these linters cover, certainly more accurately and you have with SonarLint Connected Mode automatically this sync of rules and issues.
Alex
Hi Alex,
Thank you for your reply.
I think the Findbugs exporter is only there in the interface for historical reasons. Of course Spotbugs is running in the background with various plugins.
I am currently using the following plugin. GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube
Are you sure that SonarLint has most of the rules from the Spotbugs project included? Is there perhaps an official comparison that backs up your claim?
Currently, I have about 800 rules from the Spotbugs project activated in my profiles. The normal Sonar Way Java profile only has around 500 active rules. I have occasionally noticed duplications, but Spotbugs usually finds more issues.
I find it sad that SonarQube is removing such simple functions instead of promoting them. Do I now have to store everything in separate XML files in some Git repositories and sync them regularly with SonarQube? This is definitely a big step backwards and feels so 90s. Especially since there is no real alternative.
Best regards
Philipp
We have a custom Quality Profile containing Checkstyle rules. We extensively use the Checkstyle Exporter capability on our custom Quality Profile to get a URL reference to the Checkstyle rules from the SonarQube Quality Profile. This Checkstyle Exporter URL is set on the Checkstyle settings configuration property “<checkstyle.config.location>”. This allows developers/teams to preform Checkstyle Check using the Checkstyle rules from SonarQube without having to do a full SonarQube scan. Looks like Checkstyle Exporter has been removed starting with version 10.14.1 and greater of the SonarQube Checkstyle plugin.
Why was it decided to remove this simple but useful feature?
Now we will have to stay with older SonarQube Checkstyle plugin until we have communicated the removal of Exporter capability and our dev teams have removed its use.
Question above was legitimate and I think it is still valid.
I kicked the can down the road, but can’t find any explanation and/or suggestion on what is the alternative - sharing same ruleset (Checkstyle, PMD, Spotbugs) within team as well as CI.
