we are currently planning to upgrade to version 2025.1 and have 2025.1 installed on our test server.
On our prod server we still use version 9.9.8.
We are using the maven scanner, version 5.0.0.4389.
After doing a lot of scans with 2025.1 I noticed that we are now getting a lot of issues in test code (src/test/java…) from rules which are not flagged as “Test”.
In version 9.9.8 I can still see that we only had issues of rules which have the “Test” tag. With the new version I suddenly get a lot of other issues for rules which are not flagged as “Test”. Two examples are rules java:S1186 and java:S115. For this rule we suddenly have lots of issues in files in src/test/java/… which should not be the case. I am not sure if all rules are affected or just some.
I suppose also with version 2025.1 everything in src/test/java should still be treated as test code, right?
So, the “tests” tag will not return you all the rules that are targeting test code. You can check if a rule targets test, main, or both types of code by the rule’s “analysis scope”.
Sadly, you cannot filter by scope to check all rules which target test code.
The two rules you mentioned appear to have scope = All since a long time, but they were not really part of test rules (they were mislabeled). Here
you can see their metadata in the sonar-java version released with SQ 9.9.8.
More recently though, we switched to a better system where rules will always target the code stated in the metadata scope property, so if a rule on SonarQube says Analysis scope: All it will target both main and test code, and so on.
So to sum it up, your code is being correctly categorized, but those 2 rules, as many others, now target both main and test code.
thanks a lot for the fast feedback. I understand now that there was a change in behavior and test rules can no longer be identified by the tag, but only by checking the Analysis Scope.
And together with this change now some rules are applied to test code which were not applied to test code in release 9.
Is this documented somewhere? I did not notice it when looking through the release notes.
Personally I like the idea of showing the Analysis Scope and think it is more intuitive than the previous handling. But I don’t like to be surprised by such changes which affect all our projects when moving from 9.9 to 2025.1.
And I see the need to have the possibility to still somehow identify all rules which are applied to test code. So you should either add the “test” tag to all rules which target test code or add the Analysis Scope to the filters which I would prefer.
Would also be good to see this property in the export of the Quality Profiles.
You can follow this thread to be up to date with new releases of test rules.
Sadly there is no way in the products to filter rules by scope at the moment
For the test tag, its meaning is to highlight that a rule is about testing best practices or testing frameworks (assertions, junit, mocking, etc..). But rules like “Unused method parameters should be removed” should not be tagged as “test” but should still raise issues on test code.
Ideally, almost all Sonar rules should target also test code, as it is still code that will need to be maintained and used by developers, this does not mean that we should tag all rules as “test”, as the tag itself would lose its meaning
