We’re evaluating the cloud options with the goal of transitioning from the community edition. Our internal security team uses the Issues tab in the menu bar at the top to identify security issues of concern. They also rely on the Dependency Checker to identify dependency issues from nuget packages, etc. that our teams are consuming.
Using the cloud version how do we access the cross project issues for our organizations projects? Also, does the cloud version include Dependency checking? If not, are there plans to add it in the near future?
This tab is not available on SonarCloud. You can sort your organizations projects by security to find the most vulnerable ones. In addition, it should be possible to use the API to issues from each project.
There are currently no plans to add dependency checking to our products.
This is a disappointing response about the cross-project issues. My team recently moved from the community-free SonarQube to SonarCloud for many good reasons, but did not know about this particular missing feature from SonarCloud until we moved. We have gotten quite used to looking at all project issues of a specific kind and we have over 20 projects. Plus we have been using the Jira Sonar plugin to map issues to Jira Stories. Unfortunately, when you click on the plugin link for all issues across all projects, it takes you to My Issues which displays no issues because they have not been assigned to me. SonarQube takes you to a list of cross-project issues. At the very least, this plugin should be enhanced to support SonarCloud better. Maybe show a list of issues by project at least. But ideally, I would prefer feature parity between SonarQube and Cloud. Any chance, you have changed your mind about this missing feature?
Could you share more information about your use case? What kind of issues are you looking for and what are the actions you want to take?
As far as I know there is no official plugin for Jira that is developed by Sonar. And I agree that there are better places to link to in that case than the My Issues page.
We do not plan any changes in this regard in the short or mid-term, but are gathering feedback from our users on this to better understand the need.
We are looking at all types of issues across very old Java projects. Lots of un-clean code. Trying to group the issues into Jira Epics/Stories that can be tracked by agile processes. We are using a plugin that Atlassian wrote (SonarQube Connector for Jira | Atlassian Marketplace) to help create these epics/stories from the Sonar issues.
I have put in a request with Atlassian to improve this part of their plugin.
I don’t understand why SonarCloud does not see the value in the cross-project listing, considering SonarQube has this ability. After working with SonarQube for years, having this feature is a reasonable expectation. The only way we have cross-project visibility is now with this Jira plugin.
Our company has decided to start paying for SonarCloud recently, but we were using the free SonarQube version, which has more features. We may decide to switch back to SonarQube without this feature. Just depends on whether or not we can work around it somehow.