Sonar profile setup for maintenance branches

Amish_Gupta · September 21, 2023, 5:08pm

Teams desire to “freeze” the sonar profile used for a program so that after its release into verification, when subsequent builds are run (e.g. for bug fixes), the risk of new issues being found by Sonar is minimized.

Similarly, when one program is finishing up and the next NPI is starting, teams should be able to take advantage of new Sonar checkers right away: we need Sonar to allow different branches’ builds to use differently configured profiles so that we don’t delay the rollout of new updated profiles just because the current program hasn’t finished verification.

Please suggest the options we can have or if its not feasible in this ver 9.9, Do Sonarqube have plans to introduce this as new feature in upcoming releases

Tom_Howlett · September 22, 2023, 9:32am

Hi Amish

Thanks for sharing, I have a few questions on this:

How do you see new issues at the moment whilst the program is in verification? Is it because new rules are added to the profile? Has SonarQube been upgraded during this period?
Do you use the Sonarway profile or do you extend or make a copy of it?

Thanks

Tom

Amish_Gupta · September 22, 2023, 1:14pm

Answer to your questions

profiles are versioned as we have different programs running.
we have custom profiles created by architects which was extended from sonarway profile

vivek.reghunath · October 4, 2023, 2:39pm

Hi Amish,

Can you clarify #1, while in verification, Is there a change in the Quality Profile happening?
I am trying to understand the reason for new issues detected. Can we exclude the potential reasons mentioned by Tom?