When browsing rules on the Rules tab, if I click on a rule which is a vulnerability, bug, or smell, the page has a description of the rule, followed by a list of quality profiles with the activation status of that rule in each profile, and finally a count of total violations of the rule and a breakdown by project, something like
But if the rule is a hotspot, the counts are missing.
This is not a bug; we did it on purpose. If you put yourself in the shoes of a developer, you will hopefully realize, like us, that this “Issues” + “Most Violating Projects” section doesn’t make sense on the Rules page. This section corresponds to no identified use case that could help developers to do a better job.
It may answer 1% of the need of the Quality Manager dealing with quality overall at the company level, but honestly it is just by luck that this “Most Violating Projects” section was added years ago, not because we identified a real need.
What is your role in the company you are working for? What are you trying to achieve by trying to get this “Most Violated Projects” for Security Hotspot rules?
I’m in devops and I administer SQ, so I frequently go over rules, especially as we’ve gone through a few upgrades and our profiles are consequently out of date, and I’m working on updating them. It’s convenient to see at a glance how relevant a given rule is. For instance, if I see that a rule has no violations, I may just turn it on if it’s in Sonar way. I created a profile where I literally turned on ALL the rules, which lets me answer the question: if I turn on rule xxxx, will I have new issues that then need to be explained? (See Transitional state when activating rules - #2 by MisterPi for my suggestion of what to do about that.)
Regular developers normally don’t browse the rules tab. At least, we don’t encourage it.