SonarQube and SonarCloud rules differ


Please forgive me if this is a duplicate question, but I could not find an explanatory answer so far.

We are currently running SonarQube - Community Edition - Version 8.9.6 (build 50800).

Recently we noticed that the set of rules is not the same between SonarQube and SonarCloud.
For example, rule S6212 was recently removed from SonarCloud: [SONARJAVA-3870] Remove S6212 from default quality profile. - SonarSource. However, it still resides on our SonarQube instance, raising an info-level code smell.

I know that SonarQube and SonarCloud are not the exact same thing, and I also know that we can deactivate rules on our instance anytime.
I was just wondering why the rule set differs between the two.
In addition, is there any way that we can be quickly and easily informed when such changes occur on SonarCloud, so that we can apply them on our SonarQube instance if necessary?

Thank you in advance.

Hey there.

SonarCloud is always running the latest versions of our code analyzers, while SonarQube is fixed to the version that was available when SonarQube is used.

In order to allow for more consistency between the two, you’re probably better off running the latest version of SonarQube, which will have versions of the analyzers that more closely match what is deployed on SonarCloud. Not only the built-in Quality Profiles can differ, but the actual rules themselves can as well (for example: fixing false-positives/false-negatives).

You can also view the Changelog of Quality Profiles on SonarCloud.

Hello Colin,

Thank you for this detailed explanation.
You’ve made everything perfectly clear.
