Hello SonarQube team,
I had to notice with the update that exporters are deprecated.
We use this great feature very often and export the Checkstyle, Findbugs, PMD Rules to keep the security of our software always high. With exporters, it is possible for the whole team to access the configured rules in SonarQube as a single source via Maven/Gradle.
What are your alternatives so that no function is dropped?
Hi,
Itâs not clear to me what you mean by âexportersâ. Could you provide a path through the UI or perhaps a screenshot to make it explicit?
Thx,
Ann
Hi,
Thanks for the screenshot. I guess these only show up if youâve got one or more of those plugins loaded, which the instance I was looking at didnât.
Unfortunately, I canât answer the question. So letâs wait for the full-time PMs to show up.
Ann
Hi,
we use the Checkstyle Exporter and just came across the same question.
Are there any news how these deprecated Exporters will be replaced?
Thanks!
Regards,
Carsten
Hello,
As of now, there is no plan to provide a feature to replace Exporters.
If I understand correctly, you used this feature to make sure all developers use the same active rules when they run Checkstyle, PMD, and Findbugs locally on their machines.
I can understand why you are still using Checkstyle, but why do you continue to rely on PMD and Findbugs while Sonar provides out-of-the-box rules that cover what these linters cover, certainly more accurately and you have with SonarLint Connected Mode automatically this sync of rules and issues.
Alex
Hi Alex,
Thank you for your reply.
I think the Findbugs exporter is only there in the interface for historical reasons. Of course Spotbugs is running in the background with various plugins.
I am currently using the following plugin. GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube
Are you sure that SonarLint has most of the rules from the Spotbugs project included? Is there perhaps an official comparison that backs up your claim?
Currently, I have about 800 rules from the Spotbugs project activated in my profiles. The normal Sonar Way Java profile only has around 500 active rules. I have occasionally noticed duplications, but Spotbugs usually finds more issues.
I find it sad that SonarQube is removing such simple functions instead of promoting them. Do I now have to store everything in separate XML files in some Git repositories and sync them regularly with SonarQube? This is definitely a big step backwards and feels so 90s. Especially since there is no real alternative.
Best regards
Philipp
We have a custom Quality Profile containing Checkstyle rules. We extensively use the Checkstyle Exporter capability on our custom Quality Profile to get a URL reference to the Checkstyle rules from the SonarQube Quality Profile. This Checkstyle Exporter URL is set on the Checkstyle settings configuration property â<checkstyle.config.location>â. This allows developers/teams to preform Checkstyle Check using the Checkstyle rules from SonarQube without having to do a full SonarQube scan. Looks like Checkstyle Exporter has been removed starting with version 10.14.1 and greater of the SonarQube Checkstyle plugin.
Why was it decided to remove this simple but useful feature?
Now we will have to stay with older SonarQube Checkstyle plugin until we have communicated the removal of Exporter capability and our dev teams have removed its use.
Question above was legitimate and I think it is still valid.
I kicked the can down the road, but canât find any explanation and/or suggestion on what is the alternative - sharing same ruleset (Checkstyle, PMD, Spotbugs) within team as well as CI.
Hi @lukas0krupa , @Carsten_HB , @Reamer
apologies for the delay.
I have checked the engineering team, and I understand that you can use the api/qualityprofiles/backup endpoint for this purpose.
Could you give it a try and let me know if it serves your use case?
Many thanks,
Joan
Hi @jibiel ,
Link seems to work, but not sure if it helps. I only tried it with Checkstyle (suggested elsewhere as 1 of the tool that might be still usefull), but I canât get it working - supplying backup URL as configLocation.
I will keep you updated if I find a way. If anybody found a way, please let us know ;-).
Hello @jibiel,
Thank you for raising this important issue as a SonarSource employee.
The backup endpoint exports all qualityprofile rules and returns XML. However, the structure of the XML is completely different and therefore cannot be loaded by the Checkstyle, Spotbugs/Findbugs, or PMD Maven plugins.
For this reason, the backup endpoint is not an alternative.
I tested the API with a fairly old version of SonarQube (v9.9.6), but I donât think newer versions really change the behavior of a backup endpoint.
Best regards
Philipp
Hi @lukas0krupa @Reamer Thank you for the feebdack.
I will need to check internally what alternatives we can provide moving forward.
Joan
Hello @jibiel,
Have you been able to achieve anything yet? I have now updated my SonarQube server to the latest LTA version and am now receiving problem reports from developers due to the missing Checkstyle exporter.
The Checkstyle plugin removed the exporter due to deprecation in the following PullRequest.
Unfortunately, I am not aware of any alternatives.
Best regards,
Philipp
