3

We have SonarQube 5.4 and SonarLint 2.0 setup in "connected mode" for Visual Studio 2015. Everything seems to work fine, except when we customize the severity of rules on the server then those custom severity settings don't show in the Visual Studio rule set.

Here are the steps we follow:

  1. Customize a rule's severity on the server, say from it default of "Info" to "Critical".
  2. Since we have "connected mode" setup, now synchronize the solution to pull down a new version of the rule set.
    • Note: To rule out "connected mode" as a problem, we also manually downloaded the rule set from the "Quality Profiles" page in SonarQube using the permalink for "SonarLint for Visual Studio Rule Set".
  3. Open the newly downloaded ruleset file and notice the rule is still set to it's default severity (In this example, the ruleset still shows the default "Info" severity as a "Warning" in the ruleset file. I would expect it to have been updated to "Error").

The only thing that seems to change the downloaded ruleset file is when we activate/deactivate a rule on the server, and then it is added/removed correctly.

Is this a bug in SonarQube? Or are we just missing some workflow?

This leads to a followup question: How do severity settings on the SonarQube server map to Visual Studio ruleset settings? We've noticed that "Info" on SonarQube does not map to "Info" in Visual Studio. I would have expected something like the following mapping:

    SonarQube   Visual Studio
    ---------   -------------
    Blocker   = Error
    Critical  = Error
    Major     = Error
    Minor     = Warning
    Info      = Info
Kris
  • 33
  • 3
  • Are there other active rule-sets using the changed rule with the old level? – Jeroen Heier Apr 08 '16 at 17:17
  • No, we only have the one Quality Profile (the default) in SonarQube. Our C# projects in Visual Studio only contain the one ruleset. I tried downloading the ruleset directly from SonarQube, but the severity does not change in that downloaded ruleset either. – Kris Apr 08 '16 at 18:56
  • Changes of the priority are stored in the active_rules table, column failure_level. This value is translated to a Severity object. Maybe there is something wrong with QProfileExporters – Jeroen Heier Apr 10 '16 at 20:06
  • We checked the active_rules table and the severity is changing in the table the same as the SonarQube UI. However, when we download the Visual Studio ruleset, the Visual Studio severity does not seem to correspond to the SonarQube severity. I feel like this is a problem in how the Visual Studio ruleset file is being generated from SonarQube. – Kris Apr 11 '16 at 15:51
  • I agree. See [this](https://groups.google.com/forum/#!topic/sonarqube/xQ2kyCuaVGA) question. – Jeroen Heier Apr 11 '16 at 18:12
  • Yes, that sounds like the exact issue we are seeing. – Kris Apr 11 '16 at 18:56

1 Answers1

0

The problem is that there's no one-on-one severity mapping between SonarQube and Visual Studio, so we chose a safe solution and export everything as warning, and nothing as error, because that would break the compilation.

You can change the ruleset locally, and strengthen the ruleset file, so marking the issues as errors. The re-synchronization with SonarQube will not revert back your changes if they made the quality profile stronger.

Note that the following ticket has been created to address this issue: https://jira.sonarsource.com/browse/SONARCS-591

Tamas
  • 6,260
  • 19
  • 30