Various suggestions

As a new sonarcloud user I have found some frustrating issues that I would like to report:

  • First of all, its really really hard to find where I can submit features, why not have a way to quickly submit feedback within the application? Don’t you want feedback?

  • Configured my scan using the provide Github action script, but directly I am presented with this warning, can you please update the GitHub action to be up-to-date?
    “The version of Java (1.8.0_265) you have used to run this analysis is deprecated and we will stop accepting it from October 2020. Please update to at least Java 11.”

  • Make it easier to disable specific rules, please link directly to the rule definition so that its a few clicks to disable a rule. Today as a new user its hard to find them.

  • Please provide more feedback/documentation on how to create the Exclusions rules. its hard to get right! like should I start a rule with \ or not? if not, perhaps add some javascript warning? Today its to hard to get right! confusing!

Hello @JoeMarkov,

Welcome to the community & thank you for the suggestions!

Could you provide more details around the GitHub action that you set up? Did you use a script from the project setup tutorial directly in the SonarCloud user interface or from somewhere else? If it was from SonarCloud directly, which one did you select (Maven, Gradle, .Net, or Other)?

Best,
Martin

1 Like

I used the .NET script as presented in the getting started wizard in sonarcloud and I added dotnet build at the end.

This is the script I got

    build:
        name: SonarCloud
        runs-on: windows-latest
        steps:
          - uses: actions/checkout@v2
            with:
              fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
          - name: Cache SonarCloud packages
            uses: actions/cache@v1
            with:
              path: ~\sonar\cache
              key: ${{ runner.os }}-sonar
              restore-keys: ${{ runner.os }}-sonar
          - name: Cache SonarCloud scanner
            id: cache-sonar-scanner
            uses: actions/cache@v1
            with:
              path: .\.sonar\scanner
              key: ${{ runner.os }}-sonar-scanner
              restore-keys: ${{ runner.os }}-sonar-scanner
          - name: Install SonarCloud scanner
            if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
            shell: powershell
            run: |
              New-Item -Path .\.sonar\scanner -ItemType Directory
              dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner
          - name: Build and analyze
            env:
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
              SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
            shell: powershell
            run: |
              .\.sonar\scanner\dotnet-sonarscanner begin /k:"edumentab_AzureDeployTest" /o:"edumentab" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io"
              dotnet build
              .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"

I like that you provide the github action wizard for me.

it would also be nice if there was an alternative getting started script how to get a sonarcloud scan into a docker container against a .NET Core application (using multistage build)

Another usability issue is on this page https://sonarcloud.io/project/settings?category=exclusions&id=e

You see entries like this

At first glance you are horrified, because oh, boy… I need to enter a list of exclusion statements here an then you get depressed and get some coffee. Then as you start typing you are surprised that it is a actually one exclustion statement per line! wow! great!

Also, why is Code Coverage at the top? is is not that most of the time when you go here, you want to do file/folder exclusion? Why is that not at the top?