Ok, I've recreated the "ODL way" Java quality profile (59 of 60 rules; one was deprecated) in Sonarcloud, and set it as the default. Future runs should reflect only those rules that were chosen. I still think this should probably be updated, as it has not changed in 5 years, but for now the results should be closer to what you're getting in SonarQube.
On Thu, Dec 5, 2019 at 11:25 AM Thanh Ha <zxi...@gmail.com> wrote: > On Thu, 5 Dec 2019 at 12:55, Eric Ball <eb...@linuxfoundation.org> wrote: > >> Okay, so what is the process to gain access? We have the controller >>> being analyzed and the number of utterly false positives is not funny >>> and I have no way to close them down. >>> >>> >> To gain access, you'll need to log into Sonarcloud.io using a Github >> account. If your Github account is already a member of the >> github.com/opendaylight org, you'll immediately have access to the >> Sonarcloud org. If not, you can open an issue at >> support.linuxfoundation.org, providing your Github username for us to >> provide access. >> >> Two examples: >>> >>> >>> https://sonarcloud.io/project/issues?id=opendaylight_controller-sonarcloud&issues=AW6UsvtubRr7khNgdg70&open=AW6UsvtubRr7khNgdg70 >>> is so utterly and completely wrong it's hard to describe -- target >>> object type is a simple enum, having no state, hence it all the points >>> about safe publication are utter BS in this context. >>> >>> >>> https://sonarcloud.io/project/issues?id=opendaylight_controller-sonarcloud&issues=AW6Usvo9bRr7khNgdg5r&open=AW6Usvo9bRr7khNgdg5r >>> is also utterly wrong -- there is even a >>> @SuppressFBWarnings(VO_VOLATILE_REFERENCE_TO_ARRAY) to mark that yes, we >>> really know what we are doing (it is a cache of the serialized form, and >>> no, we do not really care about double-checked loading). >>> >>> Furthermore, what is the process to evolve the rule sets? >>> >> >> We can make changes to the Quality Profiles to meet the needs of the >> projects, if there are rules that should never be applied. Otherwise, like >> SonarQube, individual issues can be marked as false positives, and/or have >> their priority lowered. >> > > Hi Eric, > > I recall the old sonar system has the "ODL Sonar Way" or something > profile. Can we not redo that profile in SonarCloud? > > I believe that profile was crafted by the community over the years of > using Sonar, it seems like if we are able to reapply the rules from there > we don't have to relearn our ruleset all over again. It seems to me like a > waste of time to have the community backtrack on configuration that has > already been applied in the past. > > Regards, > Thanh > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1137): https://lists.opendaylight.org/g/infrastructure/message/1137 Mute This Topic: https://lists.opendaylight.org/mt/44643180/21656 Group Owner: infrastructure+ow...@lists.opendaylight.org Unsubscribe: https://lists.opendaylight.org/g/infrastructure/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
