22

We recently started using SonarQube. We have found some rules that are suggested by SonarQube but we want to ignore them or give them a low priority and even configure the time suggested by SonarQube. For e.g

We want to avoid the rule (and/or configure the priority and time suggested by SonarQube) for

  1. Document this public class. and
  2. Complete the task associated to this TODO comment.

I couldn’t find a way to configure this rules to be ignored. We want this kind of rules to be ignored for the whole project not specific classes.

Configuring this values would help us to have a better time estimation to fix major issues and give low priority for the rules like the above two. We are using SonarQube 6

I appericiate your advice.

Improve this question
3
  • 2
    Create a new quality profile, and you can fine tune whatever you want. Commented Aug 23, 2016 at 19:29
  • 2
    You can activate/deactivate rules (for profiles that your project is associated with) from the sonar web application. But must be loggedin to be able to that. Commented Aug 23, 2016 at 19:36
  • @BheshGurung For the first one I wasn't able to find the exact tag to deactivate but the closest one I could find was "Public types, methods and fields (API) should be documented with Javadoc" (localhost:9000/coding_rules#q=Document this public class|languages=java). After I deactivate it, should I re run the scanner ? When I went to the analysis page and refresh, that tag still comes up and it still affects the total time that has to be spent on fixing bugs. Commented Aug 23, 2016 at 19:45

5 Answers 5

Reset to default
36

If you have the id of the rule ypu want to ignore, then you can add the SuppressWarnings for that

Example:

@SuppressWarnings("squid:S0016")

I dont like this too much and use to add the comment //NOSONAR that tells SonarQube to ignore all errors for a specific line.

Example2:

If I do this:

System.setErr(System.out); ConsoleHandler h = new ConsoleHandler(); System.setErr(err);

my sonar complains asking me to use logger instead of system.out...

therefore I can silent the warning doing:

System.setErr(System.out); //NOSONAR ConsoleHandler h = new ConsoleHandler(); System.setErr(err);
Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

Where do you this ? Is at a project level or class/file level ? Where do you find the squid ? I am a newbie for the tool.
Nope... you need to run again the scanner
SuppressWarnings annotations or NOSONAR comments are not the right way to disable rules as they pollute the source code.
@ΦXocę웃Пepeúpaツ As answered by Ann, you need to disable the rule from the quality profile.
@JulienL.-SonarSourceTeam – When I do not want the rule at all, I have to switch in off in the configuration of the tool, confessed! But @SuppressWarnings() or //NOSONAR is the method of choice to deactivate an otherwise required rule for a single occurrence – like the line when the server prints its "I am alive" message on startup to the console, and not (only) to the log file. And it gives a potential editor to the source code an idea that here is something to have a closer look at.
|
8

As noted in the comments, all you have to do is remove the rules from your profile or edit them to lower their priority. You need the Global Administer Quality Profiles permission to do that. Once you're logged in with that permission, go to the Rules interface, search for a rule you want to deactivate, select the rule, click on it, and Deactivate it from the relevant profile.

Improve this answer

Comments

5

The right thing to do is to put something like this on sonar-project.properties file per project:

sonar.issue.ignore.multicriteria=e1,e2 # tab characters should not be used sonar.issue.ignore.multicriteria.e1.ruleKey=squid:S00105 sonar.issue.ignore.multicriteria.e1.resourceKey=**/*.java # right curly braces should be on a new line sonar.issue.ignore.multicriteria.e2.ruleKey=squid:RightCurlyBraceStartLineCheck sonar.issue.ignore.multicriteria.e2.resourceKey=**/*.java
Improve this answer

Comments

2

Perhaps these answers are somewhat old, as there is an easy way to do this in the SonarQube UI.

  1. Locate your project in SonarQube
  2. Click on the issues tab
  3. Click on a specific issue
  4. At the top, you'll see the issue code name (such as: typescript:S1135 or java:S107). Copy this code.
  5. At the top right of the screen click on Project Settings >> General Settings
  6. Click on the Analysis Scope tab on the left
  7. Scroll down to "Ignore Issues on Multiple Criteria"
  8. In this section you create your exclusion rules.

Examples

  • Ignore an issue everywhere: For example, if you want to ignore typescript:S1135 everywhere. You enter typescript:S1135 as the Rule Key Pattern and enter **/* as the File Path Pattern (** matches zero or more directories. * matches zero or more characters).
  • Ignore all issues in a specific file: Enter * as the Rule Key Pattern and the path (path/to/your/file.js) as the File Path Pattern.

More examples: https://docs.sonarqube.org/9.8/project-administration/narrowing-the-focus/#excluding-specific-rules-from-specific-files

Improve this answer

Comments

0

Also when you want to do multiple ignores you can do this:

@SuppressWarnings({"unchecked","Depreciated","Duplicates","squid:S3776"})
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.