hi
I have a question about how Sonar is showing me the total number of issues and when you drill down into the actual issues when you have a NEW Quality Profile where a Severity is changed
so you see a number like 1 showing up under Issues tab, but when you click on it, the project is NOT using the Sonar’s default quality Profile and this issue is NOT the same severity no more and it is lower now.
How can we make sure the Issues Tab and Detail is using the RIGHT Quality Profile that is the new default profile?
I’m having a hard time understanding your question. Can you share some screenshots displaying the issue, as well as mentioning the version of SonarQube being used (as requested in the template post)?
Apologies for the delay; I assumed our team had already reached out to you regarding this matter. I’m sharing screenshots of the New Default Quality Profile, where some rules have been adjusted from High Severity to Medium (Major). As a result, when we run our code through Sonar, we expect the statistics to reflect the updated severities.
We’re in the process of integrating Sonar with our ADO CI/CD pipeline to trigger different actions based on High and Medium severities. However, this mismatch in severity levels is currently preventing us from moving forward with the integration.
Best regards,
Ali
here are 2 screen shots, as you see this C# Rule is no longer a High severity in the new Quality Profile.
but it is still showing up as High on the dashboard/stats.
somehow the Dashboard can’t identify the default quality profile.
FYI: our current version is 10.3 and we will upgrade to 10.6 this next 7 days.
I think you’re confusing two (admittedly very similar) concepts.
When you edit the Quality Profile, you change the old, single severity (info, minor, major, critical, blocker) that is applied to every issue of a given rule in the Quality Profile. You can actually see this severity reflected in the issue.
What I think you’re really trying to change is the Issue Impact—a new way of displaying severity with only three values (low, medium, and high) and assigned to a software quality. An issue can be associated with multiple software qualities with differing issue impacts (medium impact on reliability, high impact on security, as an example).
You can read a bit more about this change here:
Issue Impacts are not modifiable today, and I’m not sure they will be tomorrow.
That said, we’re currently reviewing these changes before our LTA release this Fall (we know they have been disruptive for some users), and I’ll flag this thread for our PMs.
Can you explain your motivation for changing the severity on the rule? Is it to prevent QGs from failing, because you regularly filter on issues of a specific severity…
hi Colin, thanks for your reply. I am almost certain that I am not confusing the two concepts. The “Severity” is the I wanted to use to halt our CI/CD pipeline when our developers introduce New High Severity issues.
Let me ask you another way. I have a Project, let’s say, current SonarQube’s default C# quality profile has 310 rules, and I create a copy of it and name is “MyNewCSQFCopy” and in there I change some of the Severities and also Disable some of those Rules (so I have 299 active ones).
I want to scan my Project/Code with this new “MyNewCSQFCopy” quality profile and also see the dashboard based on this new “MyNewCSQFCopy” quality profile. Can your site do that?
so basically the issue is we want to run the Sonar and evaluate the codebase against the “modified” quality profile, not Sonar’s original one. if you go back in my previous posts, you can see that we have used the Sonar’s as the base but changed 38 of its C# and lowered the severity of them to either Minor or Medium and therefore we do not want the dashboard to show the ‘issues’ as High anymore.
this is the comparison between the quality “Profile” between the original Sonar’s way and our desired Profile which we wish to use and make Dashboard and Detail stats consistent
Okay. So it’s exactly what I described back in August.
In SonarQube v10.7 (and other v10.x versions) it’s not possible to adjust issue impacts like the older issue severity. This is something we will probably revisit very soon, so stay tuned.
