
In the SonarQube platform, plugins contribute rules that are executed against source code to generate issues. Those issues are the input for computing remediation cost and technical debt. There are three basic types of rules:

    • Reliability
    • Maintainability
    • Security

Zero false positives are expected from Reliability and Maintainability rules; Security rules may produce some false positives. The Rules page is the entry point where you can discover all existing rules or create new ones from the templates that plugins provide.

    Finding Rules

    Click the "Rules" item in the top menu to enter the world of rules. By default you will see all available rules, and you can narrow the selection with the search criteria in the left pane:

    • Language: the language to which a rule applies.
    • Type: Bug, Vulnerability or Code Smell.
    • Tag: tags can be added to rules to classify them and make them easier to find.
    • Repository: the engine (plugin) that contributes the rule to SonarQube.
    • Default Severity: the original severity of the rule, as defined by the plugin that contributes it.
    • Status: rules can have 3 different statuses:
      • Beta: The rule has been recently implemented and we haven't gotten enough feedback from users yet, so there may be false positives or false negatives.
      • Deprecated: The rule should no longer be used because a similar, but more powerful and accurate rule exists.
      • Ready: The rule is ready to be used in production.
    • Available Since: date when a rule was first added to this SonarQube instance. This is useful, for instance, to list all the rules that are new since the last upgrade of a plugin.
    • Template: show only rule templates, from which custom rules can be created (see below).
    • Quality Profile: inclusion in or exclusion from a specific profile

    If a quality profile is selected, it is also possible to check for its active severity and whether it is inherited or not. See the Quality Profile documentation for more.
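
The facets above map one-to-one onto query parameters of the SonarQube Web API endpoint api/rules/search, which is how you would script the same search (for example, after a plugin upgrade, to list the new Security rules that are still in Beta). The script below is an added example and is not code from the SonarQube documentation or project. The host and token are hypothetical placeholders, and SAMPLE_RESPONSE is constructed data shaped like an api/rules/search reply so the helpers run offline; only search_rules() talks to a server.

```python
"""Drive the Rules page facets through api/rules/search (added example).

Assumptions: SONAR_URL and SONAR_TOKEN are hypothetical; a real run needs a
user token that can browse rules. SAMPLE_RESPONSE is constructed, not real
rule data.
"""
import base64
import json
import urllib.parse
import urllib.request

SONAR_URL = "https://sonarqube.example.internal"  # assumption: hypothetical host
SONAR_TOKEN = "squ_REPLACE_ME"                     # assumption: placeholder token

# Rules page facet -> api/rules/search parameter (list values are comma-separated).
FACET_PARAMS = {
    "languages": "languages",              # Language
    "types": "types",                      # BUG, VULNERABILITY, CODE_SMELL
    "tags": "tags",                        # Tag
    "repositories": "repositories",        # Repository
    "severities": "severities",            # Default Severity (active severity when qprofile is set)
    "statuses": "statuses",                # BETA, DEPRECATED, READY
    "available_since": "available_since",  # Available Since, yyyy-MM-dd
    "is_template": "is_template",          # Template
    "qprofile": "qprofile",                # Quality Profile key
    "activation": "activation",            # true = active in qprofile, false = not active
}


def build_search_query(page=1, page_size=100, **facets):
    """Return the URL-encoded query string for api/rules/search.

    Lists are joined with commas, booleans become "true"/"false", and an
    unknown facet name raises so a typo does not silently return every rule.
    """
    params = {"p": page, "ps": page_size}
    for name, value in facets.items():
        if name not in FACET_PARAMS:
            raise ValueError(f"unknown facet: {name}")
        if value is None:
            continue
        if isinstance(value, bool):
            value = "true" if value else "false"
        elif isinstance(value, (list, tuple, set)):
            value = ",".join(sorted(value))
        params[FACET_PARAMS[name]] = value
    return urllib.parse.urlencode(params)


def search_rules(query):
    """GET api/rules/search with token auth (network call; not used offline)."""
    req = urllib.request.Request(f"{SONAR_URL}/api/rules/search?{query}")
    # A SonarQube token is sent as the Basic-auth user name with an empty password.
    cred = base64.b64encode(f"{SONAR_TOKEN}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def rules_needing_review(rules):
    """Pick out Vulnerability rules a reviewer should look at first.

    Per the Status facet: BETA rules may still give false positives or
    negatives, and DEPRECATED rules should be replaced by their successor.
    Returns {"BETA": [keys], "DEPRECATED": [keys]}.
    """
    out = {"BETA": [], "DEPRECATED": []}
    for rule in rules:
        if rule.get("type") == "VULNERABILITY" and rule.get("status") in out:
            out[rule["status"]].append(rule["key"])
    return out


# Constructed sample shaped like an api/rules/search reply (not real rules).
SAMPLE_RESPONSE = {
    "total": 4,
    "rules": [
        {"key": "sample:R1", "type": "VULNERABILITY", "status": "READY", "severity": "CRITICAL"},
        {"key": "sample:R2", "type": "VULNERABILITY", "status": "BETA", "severity": "MAJOR"},
        {"key": "sample:R3", "type": "VULNERABILITY", "status": "DEPRECATED", "severity": "MAJOR"},
        {"key": "sample:R4", "type": "CODE_SMELL", "status": "BETA", "severity": "MINOR"},
    ],
}

if __name__ == "__main__":
    # Same selection as Language=java, Type=Vulnerability, Available Since=2024-01-01 in the UI.
    print(build_search_query(languages=["java"], types=["VULNERABILITY"], available_since="2024-01-01"))
    print(rules_needing_review(SAMPLE_RESPONSE["rules"]))
```

To run it against a server, replace the placeholders and pass the query string to search_rules(); page through results with the p and ps parameters, since the endpoint does not return every rule at once.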

    Rule Details

    To see the details of a rule, either click on it, or use the right arrow key. Along with basic rule data, you'll also be able to see which, if any, profiles it's active in and how many open issues have been raised with it.

    The following two actions are available only to users with the "Administer Quality Profiles and Gates" permission:

    • Add/Remove Tags:
      • It is possible to add existing tags on a rule, or to create new ones (just enter a new name while typing in the text field).
      • Note that some rules have built-in tags that you cannot remove - they are provided by the plugins which contribute the rules.
    • Extend Description
      • Extending a rule description is useful, for instance, to let users know how your organization applies a particular rule, or to give more insight into the rule.
      • Note that the extension is visible to non-admin users as a normal part of the rule details.

    Rule Templates and Custom Rules

    Rule Templates are provided by plugins to allow users to define their own rules in SonarQube. For instance, the template "Architectural Constraint" can be used to create any kind of rule that checks for forbidden access from one set of files to another.

    Rule templates are like cookie cutters from which you can stamp out new "custom rules". To find templates, use the Template facet.

    To create a custom rule from a template, you will have to fill in the following information:

    • Name
    • Key (auto-suggested)
    • Description (Markdown format is supported)
    • Default Severity
    • Status
    • The parameters specified by the template

    It's easy to navigate from a template to the custom rules defined from it: just click on the link in the "Custom Rules" section and you will end up on the details of the given rule.

    Custom Rules

    Custom Rules are treated like any other rule, except that they can be fully edited or even deleted.

    Note that when a custom rule is deleted, it is not physically removed from the SonarQube instance; its status is set to "REMOVED" instead. This keeps current and historical issues raised by the rule displayable in SonarQube until those issues are themselves removed.
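
The same create-from-template and delete steps can be scripted through the Web API (api/rules/create and api/rules/delete), which require the same "Administer Quality Profiles and Gates" permission as the UI. The script below is an added example, not code from the SonarQube documentation or project. The host and token are hypothetical placeholders, and the template key squid:ArchitecturalConstraint with its fromClasses/toClasses parameters is assumed from the Java "Architectural Constraint" template of older SonarJava releases; check the parameter list of the template on your own instance before using it.

```python
"""Create a custom rule from a template, and retire it (added example).

Assumptions: SONAR_URL and SONAR_TOKEN are hypothetical; the template key
and parameter names used in __main__ are assumed and must be checked against
your instance. The custom-key character check is this script's own
conservative restriction, not a rule documented by SonarQube.
"""
import base64
import json
import re
import urllib.parse
import urllib.request

SONAR_URL = "https://sonarqube.example.internal"  # assumption: hypothetical host
SONAR_TOKEN = "squ_REPLACE_ME"                     # assumption: placeholder token

VALID_SEVERITIES = {"INFO", "MINOR", "MAJOR", "CRITICAL", "BLOCKER"}
VALID_STATUSES = {"BETA", "DEPRECATED", "READY"}


def encode_template_params(params):
    """api/rules/create takes template parameters as one string 'k1=v1;k2=v2'.

    A ';' inside a value would be read as a separator, so refuse it rather
    than silently creating a rule with a truncated pattern.
    """
    parts = []
    for key, value in params.items():
        if ";" in value:
            raise ValueError(f"parameter {key!r} contains ';'")
        parts.append(f"{key}={value}")
    return ";".join(parts)


def build_create_form(template_key, custom_key, name, markdown_description,
                      severity="MAJOR", status="READY", params=None):
    """Form fields for POST api/rules/create, mirroring what the Rules page asks for:
    Name, Key, Description (Markdown), Default Severity, Status, template parameters."""
    if severity not in VALID_SEVERITIES:
        raise ValueError(f"bad severity: {severity}")
    if status not in VALID_STATUSES:
        raise ValueError(f"bad status: {status}")
    if not re.fullmatch(r"[A-Za-z0-9_]+", custom_key):
        raise ValueError(f"custom key must be alphanumeric/underscore: {custom_key!r}")
    form = {
        "template_key": template_key,
        "custom_key": custom_key,
        "name": name,
        "markdown_description": markdown_description,
        "severity": severity,
        "status": status,
    }
    if params:
        form["params"] = encode_template_params(params)
    return form


def _post(path, form):
    """POST a form to the Web API with token auth (network call)."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(f"{SONAR_URL}/api/{path}", data=data, method="POST")
    cred = base64.b64encode(f"{SONAR_TOKEN}:".encode()).decode()  # token as user, empty password
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else {}


def create_custom_rule(**kwargs):
    """Create the rule; the reply carries the new rule, keyed <template repository>:<custom_key>."""
    return _post("rules/create", build_create_form(**kwargs))["rule"]["key"]


def delete_custom_rule(key):
    """Marks the custom rule REMOVED (see the note above); its issues stay visible."""
    _post("rules/delete", {"key": key})


if __name__ == "__main__":
    form = build_create_form(
        "squid:ArchitecturalConstraint",          # assumption: template key on your instance
        "NoSqlFromWeb",
        "Web layer must not use JDBC directly",
        "Classes under `**.web.**` must go through the repository layer instead of `java.sql`.",
        severity="CRITICAL",
        params={"fromClasses": "**.web.**", "toClasses": "java.sql.**"},  # assumed parameter names
    )
    print(form)
    # key = create_custom_rule(template_key=..., custom_key=..., name=..., markdown_description=...)
    # delete_custom_rule(key)
```

The network calls are left commented out in __main__ so the block runs offline; uncomment them once the placeholders point at a test instance, and verify the rule appears under the template's "Custom Rules" section before activating it in a profile.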

    Extending Coding Rules

    Custom coding rules can be added. See Adding Coding Rules for detailed information and tutorials.