SonarQube best practices


(Toan Vo) #1

We are planning to purchase the Enterprise Edition, and we have a few questions about best practices in order to prepare for SonarQube:

  1. What and when to upgrade Sonar Scanner? Is it the best practices to always upgrade the scanner after upgrading SpnarQube
  2. What are the best practices for upgrading plugins since they released in a pretty fast pace? We can always upgrade in the TEST environment, but in PROD they required a change ticket for this, and it could take a week.
  3. Who and how to determine rules/quality profiles/quality gates that need to active/inactive? We are not developers, so it is a little bit tricky if a .NET team or a java team ask to disable certain rules in their project, because we would have no idea.
  4. What are the best practices to manage 250 developers with ~400 applications? How do we scale?
  5. Who should have permission to set status of issues/bugs/vulnerabilities?
  6. Can sonar user set status of issues/bugs/vulnerabilities?
  7. Language plugins once updated will not automatically added to the quality profiles? So how do we review and decide which one to activate once plugins are updated?

Thank you

(Nicolas Bontoux) #4

Hi Toan,

Given the variety of questions here, and as they all pertain to your evaluation of the Enterprise Edition, I think it makes sense that you first discuss this directly with the SonarSource contacts you’re in touch with. They’ll be able to give you a first walkthrough, in a more customized way with respect to your setup and objectives.

Ultimately some of the points here can of course be interesting to discuss/exchange with the overall community, however mixing them all in one topic will not allow for a structured discussion. My suggestion would be therefore that you get a first big picture directly with SonarSource (as part of your EE evaluation process), and then for individual topics you may of course review/seek discussion community discussions (in which case it’ll be important to keep it structured with one topic per thread, following our welcome recommendations).

Hope that all makes sense, enjoy your Enterprise Edition discovery with SonarSource!