Exporters are deprecated

Hello SonarQube team,

I had to notice with the update that exporters are deprecated.
We use this great feature very often and export the Checkstyle, Findbugs, PMD Rules to keep the security of our software always high. With exporters, it is possible for the whole team to access the configured rules in SonarQube as a single source via Maven/Gradle.

What are your alternatives so that no function is dropped?

Hi,

It’s not clear to me what you mean by “exporters”. Could you provide a path through the UI or perhaps a screenshot to make it explicit?

 
Thx,
Ann

Hi Ann,
no problem. I mean the following exporters.

1 Like

Hi,

Thanks for the screenshot. I guess these only show up if you’ve got one or more of those plugins loaded, which the instance I was looking at didn’t.

Unfortunately, I can’t answer the question. So let’s wait for the full-time PMs to show up.

 
:sweat_smile:
Ann

Hi,

we use the Checkstyle Exporter and just came across the same question.
Are there any news how these deprecated Exporters will be replaced?

Thanks!

Regards,
Carsten

1 Like

Hello,

As of now, there is no plan to provide a feature to replace Exporters.

If I understand correctly, you used this feature to make sure all developers use the same active rules when they run Checkstyle, PMD, and Findbugs locally on their machines.

I can understand why you are still using Checkstyle, but why do you continue to rely on PMD and Findbugs while Sonar provides out-of-the-box rules that cover what these linters cover, certainly more accurately and you have with SonarLint Connected Mode automatically this sync of rules and issues.

Alex

Hi Alex,

Thank you for your reply.

I think the Findbugs exporter is only there in the interface for historical reasons. Of course Spotbugs is running in the background with various plugins.
I am currently using the following plugin. GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube

Are you sure that SonarLint has most of the rules from the Spotbugs project included? Is there perhaps an official comparison that backs up your claim?

Currently, I have about 800 rules from the Spotbugs project activated in my profiles. The normal Sonar Way Java profile only has around 500 active rules. I have occasionally noticed duplications, but Spotbugs usually finds more issues.

I find it sad that SonarQube is removing such simple functions instead of promoting them. Do I now have to store everything in separate XML files in some Git repositories and sync them regularly with SonarQube? This is definitely a big step backwards and feels so 90s. Especially since there is no real alternative.

Best regards
Philipp

1 Like