Why were the manual rules/issues removed?


michael....@gmail.com

Aug 2, 2016, 4:01:40 AM
to SonarQube
We recently installed an actual version (5.6) of SonarQube and saw that we do not have the Manual Rules Repository anymore and cannot create manual rules as well as create manual issues in the code view.

It seems it comes down to that issue: https://jira.sonarsource.com/browse/MMF-233 - but there is no mention about dropping that feature in your blog (looking through the posts of 2016 as well as the specific tag "manual reviews", http://www.sonarqube.org/tag/manual-reviews/ ).

Is there any bigger reason behind the removal but "let's get rid of all the features"? I saw it as something really useful.

What alternatives (besides downgrading to 5.4) do we have?

Greetings,
  Michael Kling

Fabrice Bellingard

Aug 3, 2016, 4:43:59 AM
to michael....@gmail.com, SonarQube
Hi Michael,

When we introduced them a couple of years ago, manual rules and issues were an attempt to provide a kind of manual code review feature in SonarQube. Looking back, this was a mistake for one main reason: what SonarQube is designed for and what it does perfectly is automatic code review. Human code review is a fully different world with different needs, and lots of existing tools perfectly cover those needs (because they focus only on this, like SonarQube focuses only on automatic code review). Even at SonarSource, we've never managed to use this feature and ended up doing code review on GitHub pull requests with SonarQube contributing issues to them. That's the reason why we decided to drop these manual rules and issues, which were, in the end, a very poor implementation for human code review that had lots of limitations.

The best thing you can do is use a real human code review tool and wire SonarQube on top of it to feed it with issues before they even get to the SonarQube server - exactly like what we do with the GitHub Pull Request plugin.

HTH,


Best regards,

Fabrice BELLINGARD | SonarSource
SonarQube & SonarLint Product Manager
http://sonarsource.com


karol...@gmail.com

Sep 6, 2016, 10:02:21 AM
to SonarQube, michael....@gmail.com
Hi, 
It's OK to say that SonarQube is not a manual code review tool, but I think that manual rules were essential to your tool to be a technical debt management tool.

Taking the example of design debt. If a developer violates the single responsibility principle (SOLID principles), it's in fact technical debt, but we don't have any automatic way to find those issues. Manual rules/issues were great for that. With manual rules/issues, we would be able to centralize all our technical debt management in one tool.

Disappointing isn't it?

Karol

Brian Sperlongano

Sep 6, 2016, 5:41:58 PM
to SonarQube, michael....@gmail.com
Hi Fabrice,

Isn't S2076 a manual rule?  It warns you that you are possibly sending variable data to the OS via Process.exec().  A worthy check, but a read of the description indicates that this is a manual review.  Is that check consistent with the goal of automatic code review?

Thanks,
Brian

G. Ann Campbell

Sep 7, 2016, 2:50:04 AM
to SonarQube, michael....@gmail.com
Hi Brian,

Expecting that people will slog through an entire code base to raise issues by hand is a different proposition from pinpointing a particular spot in the code that needs human review.


Ann