Quality profile must show ALL changes in change log

Hi,

After updating from SonarQube 8.9.1 Enterprise to 9.1, I noticed the same JavaScript quality profile has a substantially different number of rules in SonarQube 8.9.1 and SonarQube 9.1 => 29 vs. 19!?

The quality profile hasn’t been changed before migration from 8.9 > 9.1 and the changelog has no related entries.

We have / use a bunch of security quality profiles that are enforced by our security department.
I’ve already checked all these corners = changelog … etc. at the quality profile page.
The problem is, there aren’t any entries related to that difference between 29 rules in SonarQube 8.9.1 and 19 rules in SonarQube 9.1.
I know that rules marked as deprecated may disappear between SonarQube versions, but that must be part of the changelog.

What should I tell our security team?
They claimed 29 rules to be used in the quality profile, but ‘somehow’ there are only 19 rules left!?

You don’t want your customers to have to dig through GitHub issues of the language scanners to get all changes!?
This must be part of the change log to be safe for revision.

Gilbert

Hi,

Is this problem already addressed in
[SONAR-15132] Add a Quality Profile changelog on rule deletion - SonarSource?

Gilbert
