Unexplained spike in issues

Mid last week, our primarily JS/TS repo had a spike of almost 200 issues! I’m unsure why–we did not change our rules or quality profiles. We’re pretty strict about addressing issues, so to have such a spike in one day is very jarring for our small team. Does SonarQube update rules in the default profiles behind the scenes? If so, how can I be notified of such changes?

Only 54 Issues Created This Year

2,928 Issues on 4/2

3,104 Issues on 4/3

Hey there.

SonarQube Server does not update rules behind the scenes. You have to have upgraded your SonarQube instance for the rules to suddenly become “smarter”. You can double check that your Quality Profile hasn’t changed by looking at the changelog.

A dear colleague just pointed out to me that you use SonarQube Cloud! Yes, rules are regularly updated, and may either find more issues (because the rules got smarter), or new rules could be added to the Quality Profile you use (if you use a built-in QP). You can still double check that your Quality Profile hasn’t changed by looking at the changelog.

If you come up short there, the below is still valid:

  • A likely culprit is a change to analysis scope. If you still have the scanner logs from previous runs, you can check to see if something like the number of files indexed has changed.
  • You can also check the Scanner Context for your background tasks and see if anything changed between the analyses.
  • What are the code smells (which rules)? Could they have been influenced by some other change to the code?

I’ve looked into and checked those things, and I see nothing out of sorts. I ran a diff in the Scanner Context and the only change (besides a time stamp) was sonar.projectVersion=v8.33.0 changed to sonar.projectVersion=v8.34.0.

The new funky thing is, as of yesterday, all those other random issues have now gone away despite us not doing anything. This must have been some sort of bug or glitch in SonarQube that sorted itself out.

Would it be possible that the spike and decrease of issues is due to the presence and removal of the architecture rules?

I opened a thread a few days ago about rule S7197 - which I suspect is fundamentally flawed - and I wonder if the spike is related to this rule.

If @turkeytrot is using the default quality profile that includes these rules – sure.

The rules were redeployed. Maybe @turkeytrot22 can tell us if the issue count went up again, and show what those issues are.

Yes, the issue count did go back up again. We do use the default quality profiles with some minor tweaks.

How can I determine which rules are newly included or not? If I filter by creation date, it only shows issues for new code, but if one of the issues we’re searching for is on code from years ago–I don’t know of a good way to find it.