Re: Moving from sonar.opendaylight.org to Sonarcloud.io


Eric Ball <eball@...>
 

Ok, I've recreated the "ODL way" Java quality profile (59 of 60 rules; one was deprecated) in Sonarcloud, and set it as the default. Future runs should reflect only those rules that were chosen. I still think this should probably be updated, as it has not changed in 5 years, but for now the results should be closer to what you're getting in SonarQube.


On Thu, Dec 5, 2019 at 11:25 AM Thanh Ha <zxiiro@...> wrote:
On Thu, 5 Dec 2019 at 12:55, Eric Ball <eball@...> wrote:
Okay, so what is the process to gain access? We have the controller
being analyzed and the number of utterly false positives is not funny
and I have no way to close them down.


To gain access, you'll need to log into Sonarcloud.io using a GitHub account. If your GitHub account is already a member of the github.com/opendaylight org, you'll immediately have access to the Sonarcloud org. If not, you can open an issue at support.linuxfoundation.org, providing your GitHub username for us to provide access.

Two examples:

https://sonarcloud.io/project/issues?id=opendaylight_controller-sonarcloud&issues=AW6UsvtubRr7khNgdg70&open=AW6UsvtubRr7khNgdg70
is so utterly and completely wrong it's hard to describe -- target
object type is a simple enum, having no state, hence all the points
about safe publication are utter BS in this context.

https://sonarcloud.io/project/issues?id=opendaylight_controller-sonarcloud&issues=AW6Usvo9bRr7khNgdg5r&open=AW6Usvo9bRr7khNgdg5r
is also utterly wrong -- there is even a
@SuppressFBWarnings(VO_VOLATILE_REFERENCE_TO_ARRAY) to mark that yes, we
really know what we are doing (it is a cache of the serialized form, and
no, we do not really care about double-checked loading).

Furthermore, what is the process to evolve the rule sets?

We can make changes to the Quality Profiles to meet the needs of the projects, if there are rules that should never be applied. Otherwise, like SonarQube, individual issues can be marked as false positives, and/or have their priority lowered.

Hi Eric,
 
I recall the old sonar system has the "ODL Sonar Way" or something profile. Can we not redo that profile in SonarCloud?

I believe that profile was crafted by the community over the years of using Sonar, it seems like if we are able to reapply the rules from there we don't have to relearn our ruleset all over again. It seems to me like a waste of time to have the community backtrack on configuration that has already been applied in the past.

Regards,
Thanh
