Some issues cannot be resolved as "won't fix"

We sometimes have false positives or issues that we decide not to tackle. We never had a problem with “resolving” them and leaving the status green.

Today, there is an issue that we want to ignore, but the UI does not let us. In this example:

As you can see, the first issue has the “open” button with a chevron, and the second issue does not have the chevron, and is not clickable. There our PR is blocked and cannot be merged.

Is it because the issue was imported with an external analyser, in our case Detekt? Is there a way to also ignore issues from external analysers?

Thanks

Hey there.

It’s true that external issues can’t be marked false-positive/wont-fix in SonarCloud – we suggest marking them as False Positive / Won’t Fix in the source tool.

Are you using the Scanner for Gradle? I would guess you’re affected by this change which automatically configures the report path.

There’s no graceful way to turn it off (and I’ll flag this for attention as a result) – and, can you tell us why you produce these reports but don’t want them imported to SonarCloud? I’d be really curious to know.

Yes, we are using Scanner for Gradle, but we configured it to include Detekt on purpose. We are not affected by the change you mentioned.

We have a really old codebase that has some tech debt. We configured to run Sonar + included Detekt. Sometimes we have to change an old file. Editing this file will trigger an analysis of this file and “old” issues will appear. If you change one single line in this file, but the file has many issues detected, you can end up in cases where the “Tech debt ratio” is too high, and the quality gate is bad, and the PR is blocked. Even though you did not touch the majority of the file, the quality gate is bad.
In such cases, we would like to keep the issue as this is a real issue, but we don’t want to be prevented from merging.
Does my use case make sense?

And in this instance, the root problem to fix is probably “the entire file is detected as new” rather than “be able to close external issues”.

  • Is it possible you renamed the file in the pull request?
  • Did Detekt detect the issue(s) before you changed the file (such as when you run it on your main branch?)
  • Is the target branch analyzed in SonarCloud?

Alright, thanks to your latest reply I dug a bit deeper and realized that the issue itself was not present before. Our change did trigger a new issue from Detekt, that was passed to Sonar.

But this does not change my initial problem. Our “simple” change added a new method in the class, which triggered a “method count” error from Detekt:

Class ‘XXX’ with ‘11’ functions detected. Defined threshold inside classes is set to ‘11’

(Don’t ask me why the default value of Detekt is 11. We’re just in the infancy of using it)

Therefore we are left with two choices:

  1. Refactor the whole file so that the Detekt error is “correctly” removed
  2. Admit that this is an issue caused by current tech debt, and mark the issue in Sonar as “won’t fix” for now.

Option 1 is not an option in the context of the Pull Request, and Option 2 does not work in Sonar.

I guess this is something Sonar cannot help with (apart from letting us resolve external issues) so we will have to deal with it otherwise.

Thanks!

You can also suppress the issue from being raised by Detekt at all!

Yeah, I will be exploring that option. Thanks!