Missing Rules in version SonarQube 8.5.1 for Python

Hi, I was using SonarQube Community Edition (8.4.2) and recently updated to version 8.5.1. However, when I check the rules list for Python, the number of the rules are far less then the previous version. Is it a bug? Should I continue to use the previous version, or is there way to get the full set of rules in the newer version?

Version 8.4.2 - 493 Active - 40 Inactive rules.
Version 8.5.1 - 155 Active - 12 Inactive rules.
These are not custom rules. I was able to create a new quality profile and active the existing rules for it.

Thanks!
Noyan.

Hi Noyan, welcome to the community!

SonarQube 8.5.1 Community Edition ships with 167 rules for Python. SonarQube 8.4.2 did not ship more than that and certainly not 533 Python rules.

I suspect you had one or several community plugins installed, which added the reminding rules. We may be able to check the reason for this depending on how you upgraded. Are you using the Docker image or installing via zip?

1 Like

Hi Daniel,

Many thanks for the quick reply.
I am installing it via zip, so they are independent of each other.
It seems that there are plugins installed as you mentioned, so it should be the reason.

But there are 174 rules in this link: https://rules.sonarsource.com/python
What could be the reason for the missing 7 rules?
Also, am I good to go for PEP8 if I just comply with the 167 rules?

Many thanks!
Noyan.

The reason are Security related rules only available on Developer Edition and above.

Some of the rules shipped in SonarQube can help you comply with PEP8 style guidelines, but this is probably not enough to say “you are 100% PEP8 compliant”, which is not the main focus of SonarQube analyser for Python.

However there are ways to integrate with other tools (e.g. Pylint) to enforce as much as possible a PEP8 compliant coding style: I would highly recommend you to read this other Community post (which talks on the case of SonarCloud, but most of it applies to SonarQube as well) and this one specific to SonarQube.

1 Like

Hi @funnelweb,

Just to complete @Daniel_Meppiel’s answer, we previously had a stronger integration of Pylint. Every Pylint rule was displayed in SonarQube/SonarCloud. This was creating some confusion as you had to activate Pylint rules in Pylint configuration and SonarQube/SonarCloud quality profile. Thus we decided to simplify Pylint integration. Its rules don’t appear in SonarQube anymore, but Pylint reports can still be imported. You only need to activate the rules in Pylint configuration.

Note however that we improved SonarQube/SonarCloud/SonarLint python analyzer a lot during the last two years. We believe that in most cases, projects won’t need Pylint or any other linter.

If you want to be PEP8 compliant I recommend to import issues from flake8 and activate styling rules. Our python analyzer focuses mostly on bugs, vulnerabilities and code smells, not on styling.

Cheers,
Nicolas

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.