Sonarqube scanner skip rules

(sangeetha palanivelu) #1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) Sonarqube 7.6
  • what are you trying to achieve - to run sonar analysis by skipping the rule S2091
  • what have you tried so far to achieve this - Sonar analysis for one of the .net project recently fails after the upgrade to 7.6. Currently I do not have admin access to the project. Hence I cannot remove the rule from UI end. Is there an option to remove security rule S2091 during the sonar scan process or can you please let me know the process of identifying the files which results in S2091 entry points, so that I can skip the same and complete the sonar analysis
(G Ann Campbell) #2

Hi,

All the rules in the relevant profile are going to run at each analysis. The only way to accomplish your goal is to either disable the rule from the profile (requires either global admin, or admin on the specific profile) or to create another profile without that rule and assign the project to the profile.

Note that if you’re using a Sonar way profile, you won’t be able to remove any rules from it even with admin access; built-in profiles are immutable. So if you are using Sonar way, your only option is to create a second profile and either make it the default or explicitly assign your project to it.

 
Ann

1 Like