Hi @arielman ,
Thank you for your question. We are in a transitionary period at the moment which is why you are seeing a mixture of systems in use. You can still see most of the terminology used in the reports in the UI, although it is much less prominent than the ‘High/Medium/Low’ system as you say.
We are working to address this situation more completely starting in the 10.8 release. I’ve put a bit more detail below.
Some more background
In 10.6 we have two systems in place:
-
Similar to 9.9:
- Severity at the rule level: Info, Minor, Major, Critical, Blocker
- Each rule/issue has one type and a single severity for that type: Vulnerability, Bug, Code Smell
- Ratings (A-E) in the UI and PDF reports are calculated based upon this system
- Reports use this system
-
Introduced in 10.2:
- Severity at the software quality level: Low, Medium, High
- Note: we moved to 5 severities here, adding Info and Blocker, in 10.7
- Each rule/issue has a severity for each quality it impacts:
- e.g. a rule might have a Security severity of High and a Reliability severity of Low
- The UI uses this system, with the 9.9 system mostly still visible, but less prominent
- Severity at the software quality level: Low, Medium, High
What’s coming next?
We are on our way to having two separate modes, one for each of the systems above:
- 'Similar to 9.9 => ‘Standard Experience’
- ‘Introduced in 10.2’ => ‘Multi-Quality Rule (MQR) mode’.
You set the mode for your SonarQube Server (the new name for SonarQube) instance based on the mode that best suits your way of working. Each mode aims to be completely self-consistent with reports, UI and API all working together seamlessly. You should see this start to appear in 10.8 which is scheduled for release in December.
You can read more about these modes in this blog post.
If you have any questions about this and/or if your current situation with 10.6 is causing you problems, please let us know.