...

While running an analysis, SonarQube raises an issue every time a piece of code breaks a coding rule. The set of coding rules is defined through the quality profile associated with the project. Developers can also manually raise issues that cannot be detected by SonarQube (examples: the implementation of the method does not comply with the functional requirements, the Javadoc of the method does not match its implementation, etc.).

Each issue has one of five severities:

  1. BLOCKER
    Bug with a high probability to impact the behavior of the application in production: memory leak, unclosed JDBC connection, ... The code MUST be immediately fixed.
  2. CRITICAL
    Either a bug with a low probability to impact the behavior of the application in production or an issue which represents a security flaw: empty catch block, SQL injection, ... The code MUST be immediately reviewed. 
  3. MAJOR
    Quality flaw which can highly impact the developer productivity: uncovered piece of code, duplicated blocks, unused parameters, ...
  4. MINOR
    Quality flaw which can slightly impact the developer productivity: lines should not be too long, "switch" statements should have at least 3 cases, ...
  5. INFO
    Neither a bug nor a quality flaw, just a finding.

Ideally, the team wouldn't introduce any new issues (any new technical debt). Plugins like Issues Report or SonarQube in Eclipse or SonarQube in IntelliJ can help developers because they provide the ability to perform local analyses to check their code before pushing it back to the SCM. But in real life, it's not always possible to code without any new technical debt, and sometimes it's not worth it.

So new issues get introduced. SonarQube's issues workflow can help you manage those issues. By default, there are seven different things you can do to an issue (other than fixing it in the code!): Comment, Assign, Plan, Confirm, Change Severity, Resolve, and False Positive. Plugins may add more options, such as Link to JIRA.

These actions break out into four different categories. First up is the "technical review" category.

...

  • Confirm - By confirming an issue, you're basically saying "Yep, that's a problem."
  • False Positive - Looking at the issue in context, you realize that for whatever reason, this issue isn't actually an issue, erm... "problem." It's not actually a problem. So you mark it False Positive and move on. It will disappear immediately from your drilldown, and from your issue counts after the next analysis.
  • Change Severity - This is the middle ground between the first two options. Yes, it's a problem, but it's not as bad a problem as the rule's default severity makes it out to be. Or perhaps it's actually far worse. Either way, you adjust the severity of the issue to bring it in line with what you feel it deserves. The marker in the drilldown will change to show the new severity immediately, but the change won't be reflected in your issue counts until after the next analysis.

...

Once issues have been through technical review, it's time to decide how you're going to deal with them. You've got up to three choices here, and while the technical review options are mutually exclusive (well, mostly), you may find yourself using all three of these on the same issue:

  • Assign - Assign the issue to yourself or a teammate for immediate handling. The assignee will receive email notification of the assignment if he signed up for notifications, and the assignment will show up everywhere the issue is displayed, as well as in certain widgets.

  • Plan - Some issues will need immediate action, but others you might want to put off. The Action Plan functionality lets you group issues into sets, optionally assign dates, and track set resolution. Once you've created an action plan, the "Plan" option on an issue lets you put the issue into the set.

  • Link to JIRA - Assuming you've installed the JIRA Plugin, this option allows you to create a JIRA ticket for an issue. The URL to the JIRA ticket will be added to the issue and a link to the issue will be added to the JIRA ticket. After that though, there's no relationship between the two. Updating the JIRA ticket won't touch the issue and vice versa.

...

There's only one option under the General category: comment. At any time during the lifecycle of an issue, you can log a comment on it. Comments are displayed in the issue detail in a running log. You have the ability to edit or delete the comments you made.

Endgame

If you've been doing the math, you already know that there's only one option left: Resolve. Use this option to signal that you think you've fixed an open issue. If you're right, the next analysis will move it to closed status. If you're wrong, its status will go to re-opened.

...