While running an analysis, SonarQube raises an issue every time a piece of code does not comply to a coding rule. The set of coding rules is defined through the quality profile associated to the project. Developers can also manually raise issues that cannot be detected by SonarQube (examples: the implementation of the method does not comply to the functional requirements, the javadoc of the method does not match its implementation, etc.).
The ideal objective would be for the whole team not to introduce any new quality issue (any new technical debt). Plugins like Issues Report or SonarQube in Eclipse can help them as they provide the ability to perform local analyses to check their code before pushing it back to the SCM.
But in real life, it is not always possible or sometimes not worth it. So new issues may be introduced. Then, it is important to review them.in order to keep your technical debt under control. Thus, your requirement should become something like: any new issue should be reviewed and according to its severity should be either:
- Fixed immediately
- Put in an action plan to be fixed during the next development sprint(s)
- Kept it in mind as a piece of technical debt that does not require a corrective action for now as the return on investment is too low
At project level, issues can be browsed through the Issues Drilldown:
At global level, an Issues Service is available to search issues by project, status, assignee, etc:
Displaying Issues Widgets on Dashboards
SonarQubecomes with several widgets that are specialized to display issues information on dashboards. These widgets are grouped in their own Issues category:
By default the "Rules Compliance" widget, displaying the number of issues by severity, is displayed on the main dashboard:
Out of the box, SonarQubecomes with an Issues dashboard displaying some of these widgets:
Reviewing an Issue
To review an issue, you must be logged in and have the 'User' role on the project where the issue stands.
The main available actions are:
- Starting a thread of discussion
- Starting a workflow of resolution
- Marking an issue as false positive
- Assigning an issue to a developer
- Changing the severity of an issue
- Linking an issue to an action plan
- Viewing an issue change log
Starting a thread of discussion
Starting a workflow of resolution
To make sure that an issue will be reviewed and eventually fixed, you can start a workflow of resolution.
Possible Status: Closed, Confirmed, Open, Reopened, Resolved
Possible Resolution: False positive, Fixed, Removed
Manual workflow (through the web interface)
Automated workflow (during analysis)
Issues are automatically closed (status: Closed) when:
- the issue (that could be of any status) has been properly fixed => Resolution: Fixed
- the issue does no longer exist because the related coding rule has been deactived or is no longer available (ie: plugin has been removed) => Resolution: Removed
Issues are automatically reopened (status: Reopened) when:
- the issue that is Resolved (but Resolution is not False positive) is not properly fixed
Making an issue as false positive
To mark an issue as false positive, click on the False positive link.
Note that false positives are not displayed by default on the code viewer. To display them, select False positives in the dropdown list:
If you tend to mark a lot of issues as false positives, it means that some coding rules are not adapted to your context. So, you can either completely deactivate them in the quality profile or use the Switch Off Violations plugin to not check them on specific parts (or types of object) of your application.
Assigning an issue to a developer
Any issues (whose status is Open or Reopened or Confirm) can be assigned to a developer by clicking on the Assign link.
As issues are fully integrated within the Notification service, developers can receive email notifications when issues are assigned to them, changes are made on issues reported by them, etc. For more details, browse the Notification documentation page.
Changing the severity of an issue
The severity of any issues can be changed by clicking on the Change severity link.
Linking an issue to an action plan
Action plans can be created to group issues. Action plans are buckets of issues that you want to group as they are going to have similar timeframe for resolution.
Action plans can be created by project administrators from Configuration > Action Plans:
Each issue can then be linked to an action plan:
Viewing an Issue change log
The change log of an issue can be displayed by clicking on its creation date:
Creating a Manual Issue
An issue can be created by clicking on the '+' button in the first column of the code viewer:
Note that manual rules have to be previously defined by a System administrator.
The issue is then displayed within the source code and can be reviewed as any other issues:
Linking an Issue to an External Task Manager
It is possible to link an issue to an external task manager. To link issues to JIRA for example, you can install the SonarQube JIRA plugin.
Purging Closed Issues
By default, Closed issues are kept for 30 days. For more details, browse the Database Cleaner documentation page.