Hello Helge, I looked at both commits [1] and pull requests [2]. I found no commits or pull requests that plausibly could explain the drop in code smells from March 26 to April 27 on the chart [3] you linked to. No one had mentioned doing anything to reduce SonarQube code smells on the dev or users lists either. I think you are correct that the configuration of SonarCloud's quality profiles must have changed, although I don't know if any other Daffodil maintainer made a change or if SonarCloud made a change itself.
Mike and Steve, did you change anything in the SonarCloud configuration either? John [1] https://github.com/apache/daffodil/commits/master [2] https://github.com/apache/daffodil/pulls?q=is%3Apr+is%3Aclosed [3] https://sonarcloud.io/project/activity?id=apache-daffodil&selected_date=2020-04-24T17%3A05%3A46%2B0000 -----Original Message----- From: Helge Pfeiffer <[email protected]> Sent: Wednesday, June 16, 2021 5:38 PM To: [email protected] Subject: EXT: SonarCloud Code Smell Reduction? Dear Daffodil developers, My name is Helge, I am a researcher at IT University of Copenhagen [1]. I am currently conducting a study on the impact of continuous code quality assessment tools (SonarQube) on defects. I am writing to you -the Daffodil developers-, since I found that Daffodil uses SonarCloud for continuous code quality assessment, that it is the ASF project with the lowest amount of code smells, vulnerabilities and 'bugs' in SonarCloud, and that it is the project with the biggest reduction of code smells (drop of ca. 60% within around 2 months) [2]. However, I am wondering if the drastic reduction of code smells that are reported by SonarCloud is due to code changes that address these issues or if it is caused by configuration of the rules ("quality profile") that SonarCloud applies. I believe the latter is the case. I can only find 5 commits that are related to SonarQube/-Cloud or any of the reported code smells, vulnerabilities, or bugs [3]. I identified these commits by searching for `[Ss]mell`, `[Vv]ulnerabilit[iy]`, `[Bb]ug`, and `[Ss]onar` in the commit history and the Jira issue tracker. I cannot see that these 5 commits are addressing multiple hundreds of SonarCloud code smells. However, I can see many changes of the kind `Quality Profile:Changes in 'Sonar way'` especially in the beginning of SonarClouds project activity [4]. Another possibility is of course that I just do not find the commits that address the SonarCloud code smells. Therefore, I would really appreciate your feedback to my question: 1) Is the drastic reduction of code smells that SonarCloud reports for Daffodil due to configuration of SonarCloud's quality profiles? 1.1) If not, could you please point me to some of the commits that address code smells and that I fail to identify? Thank you in advance for your feedback and consideration. I will share the results of my work with you as soon they are written down in a presentable format. Best regards, Helge ------------------- [1] https://www.itu.dk/people/ropf/ and https://www.researchgate.net/profile/Helge-Pfeiffer-2 [2] https://sonarcloud.io/project/activity?id=apache-daffodil [3] Commits related to SonarQube/-Cloud, code smells, vulnerabilities, or bugs * https://github.com/apache/daffodil/commit/2426e7f8527c289937506178a0e65da421d999ea * https://github.com/apache/daffodil/commit/f3eee732f1f5535d0177877720c4fe9f39bc3327 * https://github.com/apache/daffodil/commit/075ed018d786d332deddc5e20169939f95470fef * https://github.com/apache/daffodil/commit/8bcd8ef9440a890156915377bf55bf21047660dd * https://github.com/apache/daffodil/commit/b1d4c5412db985ecfdbb6fa6c860f8205991b902 [4] https://sonarcloud.io/project/activity?id=apache-daffodil&selected_date=2020-04-24T17%3A05%3A46%2B0000
