Since version 3.6, the Violations and Reviews concept is replaced by the Issues concept.
So, in order to keep control of your technical debt on your current developments, Sonar SonarQube offers the Reviews feature.
- Fix immediately
- Plan for next sprint(s)
- Keep in mind that you have this piece of technical debt but don't take corrective action yet as the return on investment is low
Action Plans are available since Sonar 2.13
Adding a violation on any piece of code is available since Sonar 2.13
The Review LifecycleThe objective of the Manual Review feature is to be able to assign a violation to a user and start a discussion thread which should possibly lead to the correction of the violation.
A review has four possible status: Open, Resolved, Reopened and Closed. Sonar SonarQube automatically takes care of closing a review as soon as its underlying violation gets resolved, which means that no one can close an issue manually.
The first status of review is Open. From there a review can be resolved with one the the two resolution types: Fixed or False-Positive. At any point of time a Resolved review can be reopened either by the user or by SonarSonarQube. Indeed, if a review is marked as Resolved with resolution Fixed but the violation is still there after a new Sonar analysis, Sonar automatically SonarQubeautomatically reopens the review.
Reviews can be managed in action plans.
To create a review, you must be first logged in and have the Users role on the project containing the violation to review. Then, directly in the resource viewercomponent viewer, a new "Review" link appears to start creating a new review when placing the mouse over the violation title:
Once a review has been created on a violation, every Sonar user can see the review below the violation :
Once a violation is switched off, this violation is no more displayed by default in the resource viewercomponent viewer. The option "False-Positives only" must be selected to display those false-positive violations:
Moreover, all measures on the project like the number of violations will be updated the next time a Sonar an analysis will run.
Reopening a Review
Whenever a quality defect is detected “manually”, the person who detected it has the ability to create a new violation (with its associated review) directly into Sonarthrough the web interface.
The related violation is then displayed within the source code and will be accounted for in metrics after the next analysis of the project.
Each review can be linked to an action plan:
Linking a Review to an External Task Manager
It is possible to link a review to an external task manager. To link reviews to JIRA, you can install the SonarQube JIRA plugin.
SonarQubecomes with several widgets that are specialized to display reviews information in dashboards. Those widgets are grouped in their own category in the dashboard configuration:
Here is the type of dashboard you can create to manage reviews:
It is possible to get notified by email on :
- Changes in review assigned to me or created by me
- New violations on my favourite projects introduced during the first differential view period