Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
- what are you trying to achieve
- what have you tried so far to achieve this
We were using SonarQube 6.1 for the past few years, and now we have been upgraded to 8.2. We are seeing a significant reduction in bugs, vulnerabilities, code smell etc. as it’s more than 50% we are worried about the application quality.
Could you please help us to analyse the differences between 6.1 vs 8.2 Java language rules changes?
We could extract the rules set for 8.2 using service APIs available, but not for version 6.1. Please help us.
Welcome to our community!
Could you share a bit more information like version of sonar-java and screenshots of where you find the number of issues in your SonarQube?
Are you talking about the number of issues in your Overall Code or in your New Code, following the Clean as you code philosophy of the product?
Thanks for your reply.
Development environment: jdk1.8.0_171
IDE: Eclipse 2018-09 (4.9.0)
SonarQube: Developer Edition Version 8.2 (build 32929)
Issue Log snapshot of 6.1 version
Issue log snapshot of 8.2 version
Comparing an old version like 6.1 and our almost-latest release (8.3 was released last week) is hard, as there can be a lot of reasons why you have these screenshots.
Few questions to try to help you:
- have you upgraded from 6.1 to 8.2, and re-analysed your project on 6.7 ex-LTS and 7.9 ex-LTS, as mentioned in the documentation?
- have you started from scratch your 8.2 SonarQube server?
- do you have exactly the same analysis scope on both screenshots?
- do you have the same Quality Profiles? (some rules changed and/or were added with the different versions of SonarQube, especially since 6.1 was released, ages ago…)
- Can you check your logs in DEBUG mode to see if you see anything there, that can help you?
I may forget things, but for sure my technical colleagues and/or some SonarQube users here can add information or help to this thread, if needed.
Thanks for your quick reply Carine.
- Yes, we have upgraded from 6.1 to 8.2. We have not re-analyzed the project in 6.7 ex-LTS and 7.9 ex-LTS. Could you please share the documentation link?
- No, Its upgraded from 6.1 to 8.2
- Yes, analysis scope is for the same project in Java.
- We dont have the quality profile reference that we used in 6.1. But our worry is that with introduction of new set of rules, the issues count should have increased.
- Could you please share the steps to do debug mode analysis?
- the link for reanalysis while upgrading is here
Few information: when you upgraded from 6.1 to 8.2 without reanalysing your projects, you missed that step which is important to “keep the history” of your issues.
And, for sure, Quality Profiles have changed a lot as between 6.1 and now (almost 2,5 years), we removed some rules that were replaced by new ones, more accurate and relevant. If you haven’t changed the QP, then the number of rules is different, which leads to an unexpected result for you.
What you can do is to analyse your Java project in your new 8.2 SonarQube with a new ProjectKey. It will be analysed as a full new project, clean, without any history.
Then, share the screenshots of your results here.
For the DEBUG mode, you’ll find all the needed tasks to do in our documentation, under the Scanner doc: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/ (if you use the SonarScanner).
Let us know how things are doing!