--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/WlALjVzp-OE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/d1ac75ee-29af-45c1-a8f8-1ac517d4be99%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/9f43ae94-3005-4790-b2e7-81d72e4bbff1%40googlegroups.com.
Would it be possible to have the decision to deprecate the 'preview' reporting mode on the Sonar Scanner reversed? I believe that it has been reporting itself as deprecated for around 2 years and the message says 'use SonarLint command line instead'.
As I explain on a stack exchange question here I consider the lack of a viable command line implementation of preview functionality to be a barrier to adoption of basic build best practice; a developer should be able to run a build that will indicate any issues that could be found in a CI build before making a commit. I do not consider the existence of the SonarLint IDE plugins to meet this requirement, the IDE is not a local build.
My primary motivator for wanting the ability to run sonar analysis from the command line (or more accurately as part of a Maven build from the command line) is that this would allow me to stop running multiple other static analysis plugins and eliminate the (almost impossible) task of attempting to keep the rules used by these tools in sync with those used by the Sonar server. The use of standard open source tools like PMD, findbugs, etc. would, perhaps, be ideal, but SonarSource has chosen to deprecate many of the rules that do align with these tools in favour of the Squid rules engine, which makes rules matching much more difficult.
Using the preview mode, or SonarLint command line, makes matching rules used during a local or CI build with those seen when looking at the server side analysis trivial, so I do believe that SonarSource is making a mistake in apparently dropping all support for the concept of a command line analysis of the source code that does not write data to the Sonar server.
--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/WlALjVzp-OE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/a2ca8c76-dc4d-4bd9-80ff-ed5b4460d122%40googlegroups.com.
Hi Damon,Would it be possible to have the decision to deprecate the 'preview' reporting mode on the Sonar Scanner reversed? I believe that it has been reporting itself as deprecated for around 2 years and the message says 'use SonarLint command line instead'.Anything's possible, but it's not very likely.As I explain on a stack exchange question here I consider the lack of a viable command line implementation of preview functionality to be a barrier to adoption of basic build best practice; a developer should be able to run a build that will indicate any issues that could be found in a CI build before making a commit. I do not consider the existence of the SonarLint IDE plugins to meet this requirement, the IDE is not a local build.I think there's a fundamental misalignment of philosophy here. We do believe that in-IDE checking is enough. Or should be enough - meaning that if it's not we'd really like to hear how/where it's failing you. I.E. what specific issues are missed in SonarLint that are found in full (or even preview) analysis?
My primary motivator for wanting the ability to run sonar analysis from the command line (or more accurately as part of a Maven build from the command line) is that this would allow me to stop running multiple other static analysis plugins and eliminate the (almost impossible) task of attempting to keep the rules used by these tools in sync with those used by the Sonar server. The use of standard open source tools like PMD, findbugs, etc. would, perhaps, be ideal, but SonarSource has chosen to deprecate many of the rules that do align with these tools in favour of the Squid rules engine, which makes rules matching much more difficult.I don't fully understand this paragraph. We believe we've replaced most of the valuable rules from the tools you cite. It seems to me that you should be able to include the replacement rules into your profile and have them run in both SonarLint and SonarQube. These reports might help with that: Checkstyle, PMD, FindBugs.If there are rules from those 3rd party tools you don't feel are adequately replaced, we'd love to hear about it.
Using the preview mode, or SonarLint command line, makes matching rules used during a local or CI build with those seen when looking at the server side analysis trivial, so I do believe that SonarSource is making a mistake in apparently dropping all support for the concept of a command line analysis of the source code that does not write data to the Sonar server.With SonarLint, you have the ability to run all our rules pre-commit. And with PR analysis and the coming-soon Branch analysis, comes the ability to run them all pre-merge. So I suspect what you're actually upset about is a lack of support for 3rd-party analyzers in SonarLint.