2

We'd like to use SonarQube/SonarLint on a rather huge C# solution with around 40 projects (C++ solutions hopefully to come later on). However, we are struggling with VS integration. The issue is as follows:

  • We've defined a Quality Profile on the SonarQube server and bound our solution to that profile. As a result, SonarLint receives the profile as a .ruleset solution file, and creates a bunch of files:
    • The binding configuration (.sqconfig) (folder <solution dir>/SonarQube)
    • The solution ruleset (folder <solution dir>/SonarQube)
    • The project ruleset files (one for each project folder) which allow to adjust the solution ruleset on project level (great and (for us) important feature)
  • Now, we'd like to share our binding and rulesets accross our development team. Thus, we have checked in all the above files. However, this has a significant disadvantage: Each time SonarLint receives changes of the Quality Profile from the SonarQube server, we have a bunch of outgoing changes. Investigating those changes implies that most (if not all) files have not changed at all, but seem to only have been touched. This is a showstopper for us, since we do not want to deal with a "polluted" list of outgoing changes on a regular base.
    • Note that this can be reproduced rather easily:
      1. Bind solution to quality profile
      2. Check-in all new and changed files
      3. Right-click on SonarQube connection, select Update
      4. => All ruleset files created by binding the solution are marked as outgoing changes (and none contains any actual changes), refreshing the Team Explorer view doesn't help
  • Therefore, we thought that we could exclude all SonarLint created files from TFS. This (to my understanding) should be fine for the solution ruleset (since that ruleset is synchronized with the SonarQube server automatically), and we could live with having each developer take care of the solution binding once for himself/herself. However, since it appears to not be possible to adjust Quality Profiles on the SonarQube server with respect to VS projects, we would loose the ability to use VS project specific rulesets (or would have to copy them around manually).

Thus, my question is: What are best practices for sharing SonarQube rulesets accross development teams when using SonarLint and TFS as version control system?

csoltenborn
  • 1,127
  • 1
  • 12
  • 22
  • As far as I know, the rule set is to meet specific project which needs associated with code analysis. What are the risks and pitfalls if you just ignore the project ruleset files on the source control ? Could the SonarQube server just download those files at the analysis time when you connected to? – PatrickLu-MSFT Mar 31 '17 at 09:30
  • Thanks for your thoughts! Terminology is a bit confusing - VS solution is bound to SQ project (having a quality profile I'm referring to as solution ruleset), and SonarLint (not SQ server!) allows to apply modifications of the solution ruleset on VS project level (which I'm calling project rulesets). SonarLint appears to only keep the solution ruleset synchronized with the SQ server (since there are no project rulesets on the server), so the only way to share project rulesets seems to be through version control (with the drawbacks as described above). That's at least how I understood it... – csoltenborn Mar 31 '17 at 09:48
  • 1
    No answer yet, so I assume this is indeed a bug. Thus, I have opened an [according issue](https://github.com/SonarSource/sonar-csharp/issues/184). – csoltenborn Apr 05 '17 at 13:58
  • Hi csoltenborn. You are mentioning quite a lot of things in your question so I just want to be sure I correctly understood the issue you are facing. Your problem is that you manually have to check-out the csproj and ruleset files in order to be able to update the binding to the SQ server, right? – Amaury Levé Apr 18 '17 at 07:33
  • No, the problem is quite the opposite: The files are checked out each time the rulesets are synchronized with the server, no matter whether there were changes or not. Try the steps I provided to reproduce the problem... – csoltenborn Apr 19 '17 at 13:54

0 Answers0