        Sonar is showing new violations in old code

                  This article covers how to deal with Sonar showing new violations in old code; it may be a useful reference for readers hitting the same problem.

                  Problem description


                  We are using SonarQube 6.7.3 and sonar-java-plugin 5.3.

                  We have recently made the following changes to our Sonar configuration:

                  1. Enabled new rules
                  2. Changed the configuration to include bytecode (changed from 'clean sonar:sonar' to 'clean package sonar:sonar')

                  We are using the Sonar SVN plugin and provide valid credentials to it.

                  I understand that providing bytecode to Sonar will help it identify more issues, but I expect Sonar to flag new issues based on the SVN commit date and the last analysis date, and it is not doing so.

                  Please let me know why it is flagging issues in old code as new.

                  Solution

                  SonarScanner always scans the entire code base. If somebody has decided that some code structures are wrong or dangerous (the ruleset has been changed), then SonarQube has to notify you about all occurrences of that code. Why? Let's think about the following example:

                  After a plugin upgrade, SonarQube provides a new, very important security rule which forbids the use of a dangerous cipher algorithm. Now the question is:

                  • is it only dangerous in new code?
                  • is it always dangerous?

                  Of course, it is always dangerous. SonarQube doesn't force you to fix everything (usage of the quality gates is optional). Its main goal is to let you know how many problems (code smells/bugs/vulnerabilities) exist in the whole code base.
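                  As an added illustration of the cipher example in the answer above (this is example code written for this page, not code from the original post and not SonarQube's own rule implementation): the first method uses the kind of legacy construction a "dangerous cipher algorithm" rule reports wherever it occurs, old code or new, and the second is the hardened replacement. The class name, the key handling and the constructed sample plaintext are assumptions; the `main` method also shows why the legacy pattern is always dangerous, by demonstrating that DES in ECB mode encrypts two identical plaintext blocks to two identical ciphertext blocks.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical class name; illustrates the pattern a cipher rule flags and its fix.
public class CipherRuleExample {

    // Legacy pattern: DES (56-bit key) in ECB mode (no diffusion across blocks).
    // A "forbid dangerous cipher algorithms" rule reports this call wherever it
    // appears in the code base, regardless of when the line was committed.
    static byte[] legacyEncrypt(SecretKey desKey, byte[] plaintext) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, desKey);
        return cipher.doFinal(plaintext);
    }

    // Hardened form: AES-256 in GCM mode with a fresh random 96-bit nonce per message.
    // Output layout: nonce || ciphertext+tag, so the receiver can rebuild the parameters.
    static byte[] encrypt(SecretKey aesKey, byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, nonce));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKey aesKey, byte[] blob) throws GeneralSecurityException {
        byte[] nonce = Arrays.copyOfRange(blob, 0, 12);
        byte[] ct = Arrays.copyOfRange(blob, 12, blob.length);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        // GCM verifies the authentication tag here; tampering throws AEADBadTagException.
        cipher.init(Cipher.DECRYPT_MODE, aesKey, new GCMParameterSpec(128, nonce));
        return cipher.doFinal(ct);
    }

    // True when the first two 8-byte DES blocks of the ciphertext are identical,
    // i.e. ECB has leaked that the corresponding plaintext blocks were equal.
    static boolean ecbLeaksBlockRepetition(byte[] ciphertext) {
        return Arrays.equals(Arrays.copyOfRange(ciphertext, 0, 8),
                             Arrays.copyOfRange(ciphertext, 8, 16));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: two identical 8-byte blocks of plaintext.
        byte[] repeated = "AAAAAAAAAAAAAAAA".getBytes(StandardCharsets.US_ASCII);

        SecretKey desKey = KeyGenerator.getInstance("DES").generateKey();
        byte[] legacyCt = legacyEncrypt(desKey, repeated);
        System.out.println("DES/ECB repeats ciphertext blocks: " + ecbLeaksBlockRepetition(legacyCt));

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();
        byte[] blob = encrypt(aesKey, repeated);
        byte[] back = decrypt(aesKey, blob);
        System.out.println("AES/GCM round trip ok: " + Arrays.equals(repeated, back));
    }
}
```

                  Running the class shows the legacy path printing `true` for block repetition while the AES/GCM path round-trips correctly; that structural leak is the reason the answer says such code is dangerous everywhere it exists, not only in lines newer than the last analysis.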


                  Related documents

                  Slf4j LoggerFactory.getLogger and sonarqube
                  Security - Array is stored directly
                  SonarQube "Class Not Found" during Main AST Scan
                  Integrate Spock's test with Sonar
                  How do I make Hudson/Jenkins fail if Sonar thresholds are breached?
                  automatically add curly brackets to all if/else/for/while etc. in a java code-base
