Posted to dev@daffodil.apache.org by Helge Pfeiffer <ro...@itu.dk> on 2021/06/16 21:37:37 UTC

SonarCloud Code Smell Reduction?

Dear Daffodil developers,

My name is Helge; I am a researcher at the IT University of Copenhagen [1].
I am currently conducting a study on the impact of continuous code quality assessment tools (SonarQube) on defects.

I am writing to you, the Daffodil developers, since I found that Daffodil uses SonarCloud for continuous code quality assessment, that it is the ASF project with the lowest number of code smells, vulnerabilities and 'bugs' in SonarCloud,
and that it is the project with the biggest reduction of code smells (drop of ca. 60% within around 2 months) [2].

However, I am wondering if the drastic reduction of code smells that are reported by SonarCloud is due to code changes that address these issues or if it is caused by configuration of the rules ("quality profile") that SonarCloud applies.

I believe the latter is the case. I can only find 5 commits that are related to SonarQube/-Cloud or any of the reported code smells, vulnerabilities, or bugs [3]. I identified these commits by searching for `[Ss]mell`, `[Vv]ulnerabilit[iy]`, `[Bb]ug`, and `[Ss]onar` in the commit history and the Jira issue tracker.
I cannot see that these 5 commits are addressing multiple hundreds of SonarCloud code smells. However, I can see many changes of the kind `Quality Profile:Changes in 'Sonar way'` especially in the beginning of SonarCloud's project activity [4].
Another possibility is of course that I just do not find the commits that address the SonarCloud code smells.

Therefore, I would really appreciate your feedback on my question:

  1) Is the drastic reduction of code smells that SonarCloud reports for Daffodil due to configuration of SonarCloud's quality profiles?
    1.1) If not, could you please point me to some of the commits that address code smells and that I fail to identify?



Thank you in advance for your feedback and consideration. I will share the results of my work with you as soon as they are written down in a presentable format.


Best regards,
Helge



-------------------

[1] https://www.itu.dk/people/ropf/ and https://www.researchgate.net/profile/Helge-Pfeiffer-2
[2] https://sonarcloud.io/project/activity?id=apache-daffodil
[3] Commits related to SonarQube/-Cloud, code smells, vulnerabilities, or bugs
  * https://github.com/apache/daffodil/commit/2426e7f8527c289937506178a0e65da421d999ea
  * https://github.com/apache/daffodil/commit/f3eee732f1f5535d0177877720c4fe9f39bc3327
  * https://github.com/apache/daffodil/commit/075ed018d786d332deddc5e20169939f95470fef
  * https://github.com/apache/daffodil/commit/8bcd8ef9440a890156915377bf55bf21047660dd
  * https://github.com/apache/daffodil/commit/b1d4c5412db985ecfdbb6fa6c860f8205991b902

[4] https://sonarcloud.io/project/activity?id=apache-daffodil&selected_date=2020-04-24T17%3A05%3A46%2B0000

Re: SonarCloud Code Smell Reduction?

Posted by Helge Pfeiffer <ro...@itu.dk>.
Hi John and Lola,

Thank you very much for your responses to my questions! They help me a lot in understanding SonarCloud's dashboard and the reasons for the reported numbers.
Thank you also for the additional links to issues in Jira and commits on GitHub.

Best regards,
Helge



Re: SonarCloud Code Smell Reduction?

Posted by "Kilo, Olabusayo" <ok...@owlcyberdefense.com>.
Hello Helge (and John),

I looked through the changelog for the quality profiles we use in Daffodil, and we did indeed make changes to the configuration between April 17 and the 27th. We were working on configuring SonarCloud for the project and the whole period from Feb till end of Apr was a spin-up period, where we were figuring things out. After discussing the configurations available from the default Scala and Java configurations, we noted which were appropriate to the project and enabled/disabled them in the configuration. Some of that work was detailed at [1] and [2]. As for code updates addressing the issues, see [3] - [6] for some additional commits from that time.


[1] https://issues.apache.org/jira/browse/DAFFODIL-2272

[2] https://issues.apache.org/jira/browse/DAFFODIL-2275

[3] https://github.com/apache/daffodil/commit/5e63af1f5e0cd268b84e9de9735baac19310aeff

[4] https://github.com/apache/daffodil/commit/7be19a16eaf6a50cb22dd03f75ac16eee208b663

[5] https://github.com/apache/daffodil/commit/ca9353ffea9a9edf3bd266ec2d0a966b0849a387

[6] https://github.com/apache/daffodil/commit/5acd1777e88245626cea77ea8ce3e7df80c0fdad


--

Best Regards,

Lola K.


RE: SonarCloud Code Smell Reduction?

Posted by "Interrante, John A (GE Research, US)" <Jo...@ge.com>.
Hello Helge,

I looked at both commits [1] and pull requests [2].  I found no commits or pull requests that plausibly could explain the drop in code smells from March 26 to April 27 on the chart [3] you linked to.  No one had mentioned doing anything to reduce SonarQube code smells on the dev or users lists either.  I think you are correct that the configuration of SonarCloud's quality profiles must have changed, although I don't know if any other Daffodil maintainer made a change or if SonarCloud made a change itself.  

Mike and Steve, did you change anything in the SonarCloud configuration either? 

John

[1] https://github.com/apache/daffodil/commits/master
[2] https://github.com/apache/daffodil/pulls?q=is%3Apr+is%3Aclosed
[3] https://sonarcloud.io/project/activity?id=apache-daffodil&selected_date=2020-04-24T17%3A05%3A46%2B0000
