Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-6553

Drop the Design related services and metrics

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.2
    • Component/s: DSM
    • Labels:
      None

      Description

      Facts are the following:

      • Few people are using and giving feedback on the Design features (some bugs were discovered very long after they were introduced)
      • This is not surprising because those features currently do not contribute issues nor technical debt, so developers can't manage those "flaws" (for instance, it's impossible to tell that this cycle between package is normal whereas this one is a real problem)
      • What's more, those features are mainly provided on Java projects, so SQ does not offer a consistent experience across different projects
      • Even in the Java world, not all projects benefit from those services because some (like Libraries or Dependencies) are heavily coupled with Maven
      • Features like Libraries or Dependencies do not directly relate to source code analysis, so there's no real reason why we should keep them
      • Features like the DSM can be useful (only for Java projects...), but in its current format it's unusable and most users don't understand how it can be used

      Based on all those facts, all design features should be dropped:

      • Dependencies service
      • Libraries service
      • DSM service
      • Design widgets and metrics

      This will give the opportunity to start from scratch on this topic and offer features that fully match the philosophy and the targets of the SQ platform. This is what is called "Cartography" on the SQ Roadmap page.

        Issue Links

        Progress
        Resolved Sub-Tasks

        Sub-Tasks

        There are no Sub-Tasks for this issue.

          Activity

          Hide
          marks Mark Symons added a comment -

          It's the Dependencies Service that I am particularly missing.

          I use Sonatype Nexus IQ to analyse our software for security (and other) threats. This is great at telling me that there is a threat from a particular component - but not good at telling me anything about dependencies. I also tried other products, such as Black Duck Hub and White Source... none were good at providing dependency information.

          This is where SonaQube Dependencies was so useful. Especially as it would provide a global view that spanned hundreds of projects. Whenever I received a threat alert I would very quickly be able to see root cause using SQ v5.1.2. Or causes. With a large enough set of projects, dependencies can have quite a lot of variety.

          Sure, the Dependencies Service UI was clunky... but it did work.

          Now that I have upgraded from v5.1.2 to v5.6 I am basically in the dark. It takes hours to manually trace dependencies via POMs. I could use an IDE but (speaking as a non-developer) that only seem to give analysis project by project. I would still not have the global perspective that is so desperately needed.

          Please, please bring back this functionality.

          Show
          marks Mark Symons added a comment - It's the Dependencies Service that I am particularly missing. I use Sonatype Nexus IQ to analyse our software for security (and other) threats. This is great at telling me that there is a threat from a particular component - but not good at telling me anything about dependencies. I also tried other products, such as Black Duck Hub and White Source... none were good at providing dependency information. This is where SonaQube Dependencies was so useful. Especially as it would provide a global view that spanned hundreds of projects. Whenever I received a threat alert I would very quickly be able to see root cause using SQ v5.1.2. Or causes. With a large enough set of projects, dependencies can have quite a lot of variety. Sure, the Dependencies Service UI was clunky... but it did work. Now that I have upgraded from v5.1.2 to v5.6 I am basically in the dark. It takes hours to manually trace dependencies via POMs. I could use an IDE but (speaking as a non-developer) that only seem to give analysis project by project. I would still not have the global perspective that is so desperately needed. Please, please bring back this functionality.
          Hide
          jrod John Rodriguez added a comment -

          > Few people are using and giving feedback on the Design features (some bugs were discovered very long after they were introduced)

          Technical debt cleanup is an often-abandoned part of software engineering, so it isn't surprising that feedback wasn't given. However, this was literally the feature that made me aware of Sonar years ago. I'm now revisiting a domain complexity problem and am disappointed to see that this is no longer a feature. The alternative is to tinker with degraph and yed (overly primitive tools) to analyze my project's DSM.

          What is the level of effort to upkeep? I'd be interested in OSS contributions if open for discussion.

          Show
          jrod John Rodriguez added a comment - > Few people are using and giving feedback on the Design features (some bugs were discovered very long after they were introduced) Technical debt cleanup is an often-abandoned part of software engineering, so it isn't surprising that feedback wasn't given. However, this was literally the feature that made me aware of Sonar years ago. I'm now revisiting a domain complexity problem and am disappointed to see that this is no longer a feature. The alternative is to tinker with degraph and yed (overly primitive tools) to analyze my project's DSM. What is the level of effort to upkeep? I'd be interested in OSS contributions if open for discussion.
          Show
          jrod John Rodriguez added a comment - Here's the commit for SONAR-6554 for those interested: https://github.com/SonarSource/sonarqube/commit/3c31c9522af4fe05040ac681f638a81d34a23387
          Show
          jrod John Rodriguez added a comment - Here's the commit for SONAR-6555 : https://github.com/SonarSource/sonarqube/commit/1abbd252c8513f92dbb9875288c5d000bb8f8c29
          Hide
          jrod John Rodriguez added a comment -
          Show
          jrod John Rodriguez added a comment - Here's the commit range for SONAR-6557 : https://github.com/SonarSource/sonarqube/commit/00f29b37b53df77bee37329354d46619ee2a09a7 https://github.com/SonarSource/sonarqube/commit/commit 81c539e66ba0b32109ca48fd61ab8dc54d8d95e5 https://github.com/SonarSource/sonarqube/commit/commit 3cab34083fc3e64a64982acc3ca28141d4da1f18 https://github.com/SonarSource/sonarqube/commit/commit c6233985ff4a9715566def58c8dcd2e7821755e6

            People

            • Assignee:
              julien.lancelot Julien Lancelot
              Reporter:
              fabemn OLD - Fabrice Bellingard
            • Votes:
              0 Vote for this issue
              Watchers:
              18 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved: