which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube Version 7.9.2 (Enterprise Edition)
sonar-scanner: 4.3.0.2102
sonar-maven-plugin: 3.4.0.905
what are you trying to achieve
I would like to run sonar-scanner (https://repo1.maven.org/maven2/org/sonarsource/scanner/cli/sonar-scanner-cli/4.3.0.2102/sonar-scanner-cli-4.3.0.2102.zip) with a different profile to the one thats set on the server. We are in the process of fine tuning all the rules for the various programming languages that we use in the organization. So we would like to give developers a means of running against the new profiles that are due to go to production, this way they can analyze and resolve all the technical debt before the production cut-over date.
We run sonar-scanner as follows: sonar-scanner -Dsonar.projectKey= -Dsonar.projectName= -Dsonar.projectVersion=1.8.0 -Dsonar.host.url= -Dsonar.links.ci= -Dsonar.sources=src/ -Dsonar.sourceEncoding=UTF-8 -Dsonar.working.directory=target/sonar/ -Dsonar.tests=test -Dsonar.javascript.lcov.reportPath=dist/report/coverage/lcov.info -Dsonar.login=**** -Dsonar.userHome=/opt/.sonar -Dsonar.branch.name=feature/Sprint22.4-fix -Dsonar.branch.target=master
So I am looking for a way to tell the above command to scan against a specific profile on the server; hence over-riding the current profile thats set on the server for that project.
We also use Maven Sonar plugin for our Java projects, so would appreciate if you can shed some light on how I can go about doing this using Maven too.
what have you tried so far to achieve this
I tried to use -Dsonar.profile as a param to the sonar-scanner but that did not work; this may be deprecated.
sonar.profile had been deprecated for years before we finally dropped it altogether. What youâll need to do is give your developers admin rights on their projects; they can make the edits via the UI & then put the values back when theyâre done.
Hi,
Am I alone to think that this drop is a huge mistake ? I am Product Owner of the part âsoftware factoryâ in my firm and my goal is to offer librairies (under jenkins pipeline library format) to help dev teams to build their pipeline based on small pieces. One of this piece wrapp a stage Sonar where dev teams can set their quality profile. We have many quality profiles for one language and according to dev team context they need to change it dynamically.
I see this drop as a waste of time for my developpers. I canât give quality profile admin right for every developer for each project. It means they can change rules of the game as they want. In my understanding by doing this we donât encourage quality practice at firm level.
According to my experience, only few senior developpers can have those rights in the purpose to change priority, rule content etc because of a decision of a Sonar Community Practice inside the firm not by their project needs⊠And those senior dev canât be asked at each build of each project of their teams to change quality profile by setting it in the UI. It breaks the automations process.
I hope by reading this post, you can understand why I consider your decision as a very bad thing. So could you enlighten me by explaining me why you dropped it ? Thanks.
Similar issue with the reference branch. For some reason more and more configuration is moved to manual steps in the UI though its all about automation these days.
To be clear, this setting was dropped in SonarQube 7.7, released in March 2019 - over two years ago. It was originally deprecated in SonarQube 4.5, released in September 2014. So this feedback feels a bit late, to put it mildly.
It would be interesting to understand the use case for dynamically applying different standards (rules) to the same project. I urge you to open a âNew featuresâ post to share your reasoning.
Sorry, but isnât that what you just described by allowing them to pick a different rule set âdynamicallyâ? And to be clear, no one is saying you should give them edit rights on Quality Profiles but on their own projects.