sonarqubesonarlintsonarlint-vs

How to download the latest SonarLint rule set for Visual Studio from SonarQube with customized rule severity settings?

We have SonarQube 5.4 and SonarLint 2.0 setup in "connected mode" for Visual Studio 2015. Everything seems to work fine, except when we customize the severity of rules on the server then those custom severity settings don't show in the Visual Studio rule set.

Here are the steps we follow:

  1. Customize a rule's severity on the server, say from it default of "Info" to "Critical".
  2. Since we have "connected mode" setup, now synchronize the solution to pull down a new version of the rule set.
    • Note: To rule out "connected mode" as a problem, we also manually downloaded the rule set from the "Quality Profiles" page in SonarQube using the permalink for "SonarLint for Visual Studio Rule Set".
  3. Open the newly downloaded ruleset file and notice the rule is still set to it's default severity (In this example, the ruleset still shows the default "Info" severity as a "Warning" in the ruleset file. I would expect it to have been updated to "Error").

The only thing that seems to change the downloaded ruleset file is when we activate/deactivate a rule on the server, and then it is added/removed correctly.

Is this a bug in SonarQube? Or are we just missing some workflow?

This leads to a followup question: How do severity settings on the SonarQube server map to Visual Studio ruleset settings? We've noticed that "Info" on SonarQube does not map to "Info" in Visual Studio. I would have expected something like the following mapping:

    SonarQube   Visual Studio
    ---------   -------------
    Blocker   = Error
    Critical  = Error
    Major     = Error
    Minor     = Warning
    Info      = Info
Solution

  • The problem is that there's no one-on-one severity mapping between SonarQube and Visual Studio, so we chose a safe solution and export everything as warning, and nothing as error, because that would break the compilation.

    You can change the ruleset locally, and strengthen the ruleset file, so marking the issues as errors. The re-synchronization with SonarQube will not revert back your changes if they made the quality profile stronger.

    Note that the following ticket has been created to address this issue: https://jira.sonarsource.com/browse/SONARCS-591