We are planning to purchase the Enterprise Edition, and we have a few questions about best practices in order to prepare for SonarQube:
- What and when to upgrade Sonar Scanner? Is it best practice to always upgrade the scanner after upgrading SonarQube?
- What are the best practices for upgrading plugins, since they are released at a pretty fast pace? We can always upgrade in the TEST environment, but in PROD they require a change ticket for this, and it could take a week.
- Who and how to determine rules/quality profiles/quality gates that need to be active/inactive? We are not developers, so it is a little bit tricky if a .NET team or a Java team asks to disable certain rules in their project, because we would have no idea.
- What are the best practices to manage 250 developers with ~400 applications? How do we scale?
- Who should have permission to set the status of issues/bugs/vulnerabilities?
- Can a sonar user set the status of issues/bugs/vulnerabilities?
- Language plugins, once updated, will not be automatically added to the quality profiles? So how do we review and decide which ones to activate once plugins are updated?
Thank you