Running sonar-scanner With A Different Profile

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube Version 7.9.2 (Enterprise Edition)
    sonar-scanner: 4.3.0.2102
    sonar-maven-plugin: 3.4.0.905

  • what are you trying to achieve
    I would like to run sonar-scanner (https://repo1.maven.org/maven2/org/sonarsource/scanner/cli/sonar-scanner-cli/4.3.0.2102/sonar-scanner-cli-4.3.0.2102.zip) with a different profile to the one that's set on the server. We are in the process of fine-tuning all the rules for the various programming languages that we use in the organization. So we would like to give developers a means of running against the new profiles that are due to go to production; this way they can analyze and resolve all the technical debt before the production cut-over date.
    We run sonar-scanner as follows:
    sonar-scanner -Dsonar.projectKey= -Dsonar.projectName= -Dsonar.projectVersion=1.8.0 -Dsonar.host.url= -Dsonar.links.ci= -Dsonar.sources=src/ -Dsonar.sourceEncoding=UTF-8 -Dsonar.working.directory=target/sonar/ -Dsonar.tests=test -Dsonar.javascript.lcov.reportPath=dist/report/coverage/lcov.info -Dsonar.login=**** -Dsonar.userHome=/opt/.sonar -Dsonar.branch.name=feature/Sprint22.4-fix -Dsonar.branch.target=master

So I am looking for a way to tell the above command to scan against a specific profile on the server, hence overriding the current profile that's set on the server for that project.

We also use the Maven Sonar plugin for our Java projects, so I would appreciate it if you could shed some light on how I can go about doing this using Maven too.

  • what have you tried so far to achieve this
    I tried to use -Dsonar.profile as a param to the sonar-scanner but that did not work; this may be deprecated.

Thank you.

Hi,

sonar.profile had been deprecated for years before we finally dropped it altogether. What you’ll need to do is give your developers admin rights on their projects; they can make the edits via the UI & then put the values back when they’re done.

 
HTH,
Ann

Hi,
Am I alone in thinking that this drop is a huge mistake? I am the Product Owner of the “software factory” part of my firm, and my goal is to offer libraries (in Jenkins pipeline library format) to help dev teams build their pipelines from small pieces. One of these pieces wraps a Sonar stage where dev teams can set their quality profile. We have many quality profiles for one language, and depending on the dev team's context they need to change it dynamically.
I see this drop as a waste of time for my developers. I can’t give quality profile admin rights to every developer for each project. It means they can change the rules of the game as they want. In my understanding, by doing this we don’t encourage quality practice at firm level.
In my experience, only a few senior developers can have those rights, for the purpose of changing priority, rule content, etc., because of a decision of a Sonar Community Practice inside the firm, not because of their project needs.
And those senior devs can’t be asked at each build of each project of their teams to change the quality profile by setting it in the UI. It breaks the automation process.
I hope that by reading this post you can understand why I consider your decision a very bad thing. So could you enlighten me by explaining to me why you dropped it? Thanks.

3 Likes

Similar issue with the reference branch. For some reason more and more configuration is moved to manual steps in the UI, though it's all about automation these days.

Hi,

To be clear, this setting was dropped in SonarQube 7.7, released in March 2019 - over two years ago. It was originally deprecated in SonarQube 4.5, released in September 2014. So this feedback feels a bit late, to put it mildly.

It would be interesting to understand the use case for dynamically applying different standards (rules) to the same project. I urge you to open a ‘New features’ post to share your reasoning.

Sorry, but isn’t that what you just described by allowing them to pick a different rule set “dynamically”? And to be clear, no one is saying you should give them edit rights on Quality Profiles but on their own projects.

 
Ann