Is it possible to Import SonarQube rules?

Question

We're transferring our CI stack from a consulting company to in-house. We need to export the SonarQube profiles from the consultant's SQ instance to our corporate instance. We can export the profiles but the consultants created hundreds of custom rules and when we try to import the profile it fails to import the custom rules. We found in the API where you can export the rules to a JSON file, but can't find documentation on how to import them.

Is it possible to import SonarQube rules? What is the best way to go about that?

Referenced documentation:
SQ Docs - Copying Quality Profiles:
https://docs.sonarqube.org/display/SONAR/Quality+Profiles#QualityProfiles-CopyaprofilefromoneSonarQubeinstancetoanother
StackOverflow - How to export Rules:
How to extract or export rules from SonarQube
SQ API - Rules: https://docs.sonarqube.org/pages/viewpage.action?pageId=2392166

Not technically, but the SQ page says if you have any questions at all your only available sources to get them answered are here and Twitter. — Carrie Garcia, Sep 29 '17 at 14:47

Dragonknot · Answer 1 · 2021-03-16T12:21:47.150

3

Anyone trying to replicate rules from the server on their local setup-

For sonarqube community edition 8.7.1 you can simply export the custom rules as XML files. Goto Quality Profiles-> Gear Icon -> Backup This will get you the custom rule in xml file format.

Then in your local setup goto Quality Profiles-> Restore(top right corner)- select the XML file you downloaded in the previous step

edited Mar 16 '21 at 12:21

answered Mar 16 '21 at 11:45

Dragonknot

292
4
10

@Tomerikoo I have updated the description and also highlighted the image. Hope it makes it a little easier to understand. – Dragonknot Mar 16 '21 at 12:04
@Tomerikoo updated with better screenshots using snipping tool – Dragonknot Mar 16 '21 at 12:22

G. Ann - SonarSource Team · Accepted Answer · 2017-09-28T14:38:24.560

1

It is not possible to import/export the logic of those custom rules, only their presence in a profile.

In the case of rules coded in Java, you must make them give you at least the jar containing the rule implementations. Once you install that jar (and restart your server) the rules will be available to you.

In the case of rules written in XPath, you must make them give you their XPath configurations, and you will need to re-create those XPath rules on your side (a tedious process of filling in a form once for each rule).

edited Sep 28 '17 at 14:38

answered Sep 28 '17 at 13:24

G. Ann - SonarSource Team

22,346
4
40
76

To clarify...you're saying that we just need to have them give us the definitions they implemented and we must implement them all manually? – Carrie Garcia Sep 28 '17 at 14:29
Also, can you tell me if the licensed version has any additional functionality that would allow us to import rules? – Carrie Garcia Sep 28 '17 at 14:31
@CarrieGarcia, see my expansion. For your 2nd question: no. – G. Ann - SonarSource Team Sep 28 '17 at 14:38
One final question...Does the licensed version of SonarQube come with rules that the free version does not include? This is related because we're wondering if these additional rules might not have actually been written by the consultants, but maybe come with their license. Thanks! – Carrie Garcia Sep 28 '17 at 21:04
You can buy licenses for additional languages. Additionally, some commercial 3rd party plugins may add rules to an existing language. SonarSource does not offer free & paid tiers within a language. – G. Ann - SonarSource Team Sep 29 '17 at 12:00

Is it possible to Import SonarQube rules?

2 Answers2