Using SonarQube
- NShiftKey has a Sonarqube, so you can also check SonarQube’s results.
- The version of SonarQube used by NShiftKey : Community Edition (v8.9)
Matching Severity between SonarQube and NShiftKey
- The Severity Levels of SonarQube and NShiftKey are matched as shown in the table below.
| SonarQube | NShiftKey |
|---|---|
| BLOCKER | HIGH |
| CRITICAL | HIGH |
| MAJOR | MEDIUM |
| MINOR | LOW |
| INFO | LOW |
Matching result between SonarQube and NShiftKey
- The result(report) of SonarQube and NShiftKey are matched as shown in the table below.
| SonarQube | NShiftKey |
|---|---|
| Vulnerabilities | code security check |
| Bugs | sonarqube - bug |
| Code smells | sonarqube - code smell |
Default of report level
The default of report level for each type are as follows:
- Vulnerability : ALL (BLOCKER, CRITICAL, MAJOR, MINOR, INFO)
- Bug : only BLOCKER, CRITICAL
- Code smell : only BLOCKER
Please refer to the link for more information about SonarQube’s issue type / report level. [link]
Changing default of report level
If you want to change default of report level, please refer to this link. [Customizing Setting]