Older issues still categorized as bugs instead of code smells after killing the noise plugin upgrade

Hi guys!

Using SonarQube LTS (6.7.4) and we notice that there are issues that are not computed as they should be. We are using SonarJava 5.3.

A lot of issues are reported as bugs, but they should be reported as code smells. Find attached a screenshot.

If we run a new analysis everything is computed as expected, and the number of bugs, vulnerabilities and code smells are different.

Is this a bug? Is there any way to “compute” again those issues in the project without losing history?

Thank you very much for your help!

This is the expected behavior. SonarQube doesn’t change tags and priorities of the created issues. Why? Because you can change them manually. For example, you think that something is very important. Default severity is minor, you changed it blocker and you still want to see it as the blocker after a next analysis. The same situation is with rules priorities in quality profiles. If you activate rule with default major severity, and after an upgrade, the default severity is changed to a minor, then still rule is activated with major. Why? Because your team can think that this rule is more important, so SonarQube won’t change it.

Mmm, but I don’t see the point. It doesn’t make sense for me.

What’s the point of giving two different results of an analysis for the same base code and the same quality profile?

The main problem is that “new issues” will be detected as code smells, but older ones are still bugs. So this lead to a misunderstanding. I understand that you may want to keep the rule as a bug, but then it should detect new issues as bugs to be coherent, and it shouldn’t detect them as code smells.

I don’t think this is a feature…

Hi guys,

In the case that the type of the rule did change in the past (e.g. from bug to code smell), then this is in fact expected behaviour. If a new plugin version changes the type of a rule, then existing issues of that rule will not be updated, only new issues (found afterwards) will have the latest type.

The behaviour is like that for good reasons, which you could qualify as ‘reduce noise and impact’: if all issues types would be updated (e.g. for a rule changing from bug to code smells), then your developers would see a sudden increase of Bugs after analysis, although the code might have not changed much. This could be badly perceived, could undermine trust in the tool, and more generally speaking it would create a confusing history timeline, with sudden drops and spikes in various measures.

A quick note on the potential impact: the general recommendation is to focus on New Code (Fixing the Water Leak), therefore focus on new issues, which de-facto have the latest/accurate type (potentially checked in your Quality Gate).

To your question then Antonio:

It’s all about historical data, and the fact that rules/types may have been different in the past, and the history of such a project needs to remain as consistent as possible (per above), contrary to a fresh new project which can directly be based on all latest data.

2 Likes

Hi Nicolas!

Thank you for your feedback! We know that we must follow the fix the leak strategy, but the user interface should be consistent.

Let me show you one example:

If SonarSource says that’s ok, then for me it’s ok, but as you said, this could be badly perceived, could undermine trust in the tool, and would create a confusing sense of “what is this? a bug or a code smell? the tool is confusing”.

Advanced users should be ok with this behaviour (they focus on the leak and they just use SonarLint), but maybe the newbies are confused (or even managers).

We think it’s better to tell your users that the quality profile is going to change, give them all the details (rules that no longer exists, rules that will be replaced with new ones, severity changes and issue type changes) and then make the change.

But if you still think that this is the expected behaviour, then it’s ok. We just wanted to check if this was a bug or a feature :slight_smile:

Thanks again for your feedback!