Comparison of the public quality profiles


stefan....@gmail.com

Jul 27, 2015, 3:52:15 AM
to SonarQube
Dear Community,

within the scope of a scientific work, delivered by the binary college of Baden-Württemberg in Germany, I try to benchmark the public rule sets.
The main attention lies on the three Groups: "Spring/SpringSource", "Eclipse" and "Apache Software Foundation".
In these groups I used the 3 most used profiles (which are clearly most used) and found out that they have many common characteristics.
The Quality profiles I mean are the following:
  • Apache Directory Rules
  • Spring Integration
  • Sonar Way with Findbugs (in the Eclipse Group)

The "Apache Directory Rules"-Set is directly a component of the other two.

The Sonar Way with Findbugs gives some more rules compared with Spring Integration which are not really necessary.

So why are these three Quality Profiles nearly identical if one looks at the rules, and why is there such a big jump from Apache to the other two?
Could you explain to me when you would rather use which Quality Profile and why?
What is the "Apache Directory Rules"-Set for, and what are the others for?

Thank you very much

Regards
Stefan Mayer

G. Ann Campbell

Jul 27, 2015, 8:59:14 AM
to SonarQube, stefan....@gmail.com, stefan....@gmail.com
@Stefan, where do you see these rule sets defined? They're not default offerings of the Java plugin...

stefan....@gmail.com

Jul 27, 2015, 9:14:41 AM
to SonarQube, ann.ca...@sonarsource.com
@Ann, sorry, I think I didn't specify enough.

I mean the Projects on http://www.sonarqube.org/resources/public-sonarqube-instances/
For my company, the three listed options of rule set collections are necessary.
The Quality Gate "Sonar Way with Findbugs" is nearly the same on all three of them, so I decided to compare them directly within the tool on the website and found out what I wrote below. Now I know the difference between them, but I don't know when which of them is used.

Please excuse me if this is the wrong place for the question.

stefan....@gmail.com

Jul 27, 2015, 9:18:25 AM
to SonarQube, ann.ca...@sonarsource.com, stefan....@gmail.com
Excuse me. I meant that the "Sonar way with findbugs"-Set is nearly the same within the three collections, so I compared the specific "sonar way with findbugs" in each of those collections with the Quality Profile that is used the most ("Spring Integration" and "Apache Directory Rules").

G. Ann Campbell

Jul 27, 2015, 10:41:34 AM
to SonarQube, stefan....@gmail.com, stefan....@gmail.com
Okay, I think you're asking about the differences in the "Sonar way with FindBugs" profile on 3 different public instances of SonarQube. :-)

The most likely scenario is that those 3 instances were spun up at different times. The profiles evolve over time as new rules are made available, so the smallest subset is likely to represent the oldest installation.

But this is just speculation. Note that for a while now it has been possible to modify the default profiles, so it's also possible (but less likely IMO) that the differences represent rule choices made by the instances' owners. To know for sure, you'd need to contact the instances' owners.

Note also that FindBugs is no longer shipped by default with the platform, and the Sonar way with Findbugs profile is no longer available by default. However, the FindBugs plugin does offer a profile containing all the FB rules that were previously in that profile.


HTH,
Ann

Michel Pawlak

Jul 27, 2015, 11:09:45 AM
to SonarQube, stefan....@gmail.com
Hello,

Well... 
  • You have one tool: SonarQube
  • You have 3 instances of this tool that have been deployed at 3 different places none being (unless I'm wrong) under control of SonarQube / SonarSource
  • All three instances use different versions of the tool (4.5.1, 4.5.4 , 5.1) (and probably of the plugins, but I could not verify this) which also means different rules that are available and thus different rules available for the "Sonar way with Findbugs" profile
  • You have no guarantee that the profile "Sonar way with Findbugs" hasn't been modified on any of these instances (it's a profile, you can add/remove rules)
  • You ask on the tool's group why a specific instance has a profile that differs from the one on another instance (tell me, how can for instance Microsoft know how IIS is configured at company XYZ and why XYZ's configuration is different from the one at UVW?)
  • You also ask why and when they use profile A, B or C, but if we're not part of the QA people of these organizations, how can we know it? (I just can tell you that Eclipse uses "Sonar way with Findbugs" for all their projects, which is kind of odd)
You should ask your questions to the different instance owners, i.e. Eclipse, Apache and Spring not SonarSource.

What I can tell you is that most organizations have their own ruleset that is adapted to their context, to the maturity of their teams, to the risks of the projects, standards and technologies involved. If their QA team does their job well they have adapted the profiles to their needs (or like the Eclipse group they just use a non-controversial off-the-shelf ready profile, which supposes that they have no clue what code quality management means or that they don't have resources in order to adapt the profile to their needs (am I provocative enough? ;-)) ). For instance, the profiles I'm defining at the company I'm working for are not comparable with "Sonar way", and we do it for good reasons.

I have the gut feeling that you try to compare apples with pears (or your objective is to analyse the maturity of these three communities, but then you should ask your questions directly to the right people).

Kind regards,

Michel

stefan....@gmail.com

Jul 27, 2015, 11:43:33 AM
to SonarQube, michel...@gmail.com
Hello, thanks for the answers.

As I see I have interpreted the directories wrong.
@Michel That was exactly what I mean.

I thought that the Profile "Sonar Way with Findbugs" is always the same (except for the publication time, like Ann told me).
It seems that it is not that easy.
Furthermore, I had supposed that the profiles are not separated and that I could find the best ones by the number of the used projects.


In this case I will have to compare the profiles by hand to recognise a pattern between them.
After that I must look at my own developers and configure the ruleset to their needs.

Thank you very much for your help

Regards
Stefan Mayer