Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Table of Contents

Was Violations and Reviews prior to Sonar 3.6

Icon

Since Sonar 3.6, the Violations and Reviews concept is replaced by the Issues concept.

While running an analysis, Sonar raises an issue every time a piece of code does not comply to a coding rule. The set of coding rules is defined through the quality profile associated to the project. Developers can also manually raise issues that cannot be detected by Sonar (examples: the implementation of the method does not comply to the functional requirements, the javadoc of the method does not match its implementation, etc.).

The ideal objective would be for the whole team not to introduce any new violations (any new technical debt). Plugins like Issues Report or Sonar in Eclipse can help them as they provide the ability to perform local analyses to check their code before pushing it back to the SCM.

But in real life, it is not always possible or sometimes not worth it. In order to keep the technical debt under control, issues can be reviewed. Then, your requirement should become something like: any new issue should be reviewed and according to its severity should be either:

  • Fixed immediately
  • Put in an action plan to be fixed during the next development sprint(s)
  • Kept it in mind as a piece of technical debt that does not require a corrective action for now as the return on investment is too low

Creating a Review

To create a review, you must be first logged in and have the Users role on the project containing the violation to review. Then, directly in the resource viewer, a new "Review" link appears to start creating a new review when placing the mouse over the violation title:

A comment must be filled before being able to really create the review by clicking on the "Add comment" button:

 

By default, a review is assigned to the creator of the review but the assignee can be changed or simply removed.

Once a review has been created on a violation, every Sonar user can see the review below the violation :


Only the last comment on a review can be edited by the creator of this last comment.

Flagging a Violation as False-positive

If a violation is a false-positive, this is pretty straight forward to switch off this violation by clicking on the "Flag as false-positive" link:


Once a violation is switched off, this violation is no more displayed by default in the resource viewer. The option "False-Positives only" must be selected to display those false-positive violations:


Moreover, all measures on the project like the number of violations will be updated the next time a Sonar analysis will run. 

Reopening a Review

Once a review has been fixed or flagged as false positive, it's stil possible to reopen it at any point of time:


Searching for Reviews

The Reviews page allows to search for any review with optional filter parameters like the project, the author of the review, the severity of the violations, the status of the review, etc.:


By default, all reviews assigned to the current user are displayed.

Clicking on the title of a review allows to display the detail of this review:

It is also possible to track false-positive reviews from this search engine:

 

Creating a Manual Violation

Whenever a quality defect is detected “manually”, the person who detected it has the ability to create a new violation (with its associated review) directly into Sonar.


The related violation is then displayed within the source code and will be accounted for in metrics after the next analysis of the project.


Changing the Severity of a Violation

Creating an Action Plan

Action plans can be created to group reviews together. Action plans are buckets of reviews that you want to group as they are going to have similar timeframe for resolution:


Linking a Review to an Action Plan

Each review can be linked to an action plan:


 

Linking a Review to an External Task Manager

 

It is possible to link a review to an external task manager. To link reviews to JIRA, you can install the Sonar JIRA plugin.


Widgets

Sonar comes with several widgets that are specialized to display reviews information in dashboards. Those widgets are grouped in their own category in the dashboard configuration:

Here is the type of dashboard you can create to manage reviews:

 

Notifications

It is possible to get notified by email on violations and reviews. See the Notification page for more information.


  • No labels