Permanently ignore a rule

scanner
html

(Matt Wanchap) #1

Hi, we’re pretty new to SonarCloud and love it, especially the Azure DevOps integration, but one thing that is getting a bit frustrating is that for every PR containing HTML it keeps creating the same false-positive issues over and over again. The main rule it keeps applying is Web:BoldAndItalicTagsCheck, which keeps incorrectly flagging fontawesome icons (e.g. <i class="fas fa-times"></i>) as violations. It’d be really nice if there was a way to just tell SonarCloud to ignore these? I’ve tried creating a separate quality profile but I can’t find any option to remove/ignore the rule entirely, all I can see is to change the severity of created issues. How can we deactivate this rule?


(Nicolas Harraudeau) #3

Hi @mwanchap,

Thank you for your feedback and your nice comments.

The Web:BoldAndItalicTagsCheck supports icon fonts via the addition of the aria-hidden="true" attribute as described in the rule description. I would recommend using this attribute instead of disabling the rule. It will enable people with disabilities to have a better user experience, and this is also the way recommended by Font Awesome.

Regarding your problem with quality profiles, here are the steps to use all the rules from the “sonar way” quality profile except a few:

  • Go to your organization page, then click on “Quality Profiles”. You should see something like this.
  • Scroll to the HTML Quality profile. Click on the gear icon, then “copy” and provide the name of your new quality profile.
  • Once you are on the new Quality Profile page, look at the “Rules” section on the left. Click on the number of “Total” and “Active” rules. You will then see the list of active rules. Deactivate the one you want.
  • Go to your project’s page and click “Administration”->“Quality Profiles”
  • Choose your new Quality Profile for the “HTML” language.

Note that you still need to reanalyze your project before the issues disappear.

Let us know if you have further problems with this rule or the quality profiles.

Best regards,
Nicolas
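
As an added example (not part of the original posts and not SonarCloud's own rule logic): a small Python check for the fix suggested in post #3, listing Font Awesome <i>/<b> elements that still lack aria-hidden="true" so they can be corrected before the next analysis. The sample markup and the set of class prefixes used to recognise an icon are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample markup, not taken from any real project.
SAMPLE_HTML = """<ul>
  <li><i class="fas fa-times"></i> Close</li>
  <li><i class="fas fa-check" aria-hidden="true"></i> Done</li>
  <li><i>emphasis, not an icon</i></li>
  <li><b class="far fa-bell"/> Alerts</li>
</ul>
"""

# Assumption: Font Awesome style prefixes that mark an element as an icon.
ICON_PREFIXES = {"fa", "fas", "far", "fab", "fal"}


class IconAuditor(HTMLParser):
    """Collects <i>/<b> icon elements that lack aria-hidden="true"."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, tag, class attribute)

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags via handle_startendtag.
        if tag not in ("i", "b"):
            return
        attr = dict(attrs)  # HTMLParser lowercases attribute names
        classes = (attr.get("class") or "").split()
        if not ICON_PREFIXES.intersection(classes):
            return  # plain <i>/<b> text markup is not an icon; skip it here
        if (attr.get("aria-hidden") or "").strip() != "true":
            line, _column = self.getpos()
            self.findings.append((line, tag, " ".join(classes)))


def audit(html_text):
    """Return icon elements in html_text that are missing aria-hidden="true"."""
    parser = IconAuditor()
    parser.feed(html_text)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, tag, classes in audit(SAMPLE_HTML):
        print(f'line {line}: <{tag} class="{classes}"> lacks aria-hidden="true"')
```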


(Matt Wanchap) #4

Thanks Nicolas! My mistake, I was trying to deactivate the rule from the rule’s own page, rather than the “list of active rules” page. Appreciate you pointing me in the right direction.

We purchased SonarCloud to fulfil a security scanning requirement - I’m definitely not disagreeing with the idea behind the rule; it’s a valid point and we’ll come back to it when we have time in between deadlines… At the moment we just want the SC quality gate to block on the bug & vuln issues, which it’s already doing perfectly :slight_smile: