SonarLint displays different severity for same issue in different source files

Pat

Dec 13, 2017, 4:51:47 PM
to SonarLint
Eclipse Mars 4.5.2
SonarLint 3.3.0.201711211047
SonarQube 5.6.7

After a recent upgrade we experienced a problem with the SonarQube Elastic Search directory and had to rebuild it.  Prior to the upgrade we had a project that had a fair number of Blocker issues.  After looking at these issues we dispositioned most of them, some as false positives, some as downgraded severity, some as won't fix.  After rebuilding the Elastic Search directory, the dispositioning was lost (at least in SonarQube reporting).

Now when we perform a SonarLint analysis of Java source code that contained these issues, we're finding that in some cases SonarLint reports the issue as Blocker severity whereas in other Java source code files the same issue number (squid:S2259) is reported as Major severity.

It seems like even though we lost the dispositioning in SonarQube, there is still some remnant of it that recognizes a downgrade of severity. Is this possible?

A follow-up question is how was SonarLint intended to work when analyzing code with issues that have been dispositioned in SonarQube? Does it attempt to report the disposition or the original issue without regard to its disposition? If the disposition is "false-positive" should it still show up as a Blocker in the SonarLint report? Presumably another developer has already investigated and made a determination, but if I'm running the analysis and I see a blocker I have to re-investigate.

Any help in understanding how this is supposed to work would be appreciated.

-Pat


