How should old resurfaced technical debt be handled within leak period?

2
votes

We have an on-premises installation of SonarQube, and after upgrading from version 6.0 to 6.5 I noticed that several bugs and code smells as old as 2012 have resurfaced. I wasn’t expecting that to happen, as per SonarQube 6.3 release notes – see section “Remove noise on the Leak period for newly activated rules”.

Since they are old and we have no plans to handle them now, they are impacting our gate status – which is currently red – and I don’t see how I can get rid of them in a proper way.

I can think of two options:

  • Shorten the leak period, which is not a good approach as existing valid smells in this leak period would be considered technical debt;
  • Mark them as "false positive" or "won’t fix", which is also not a good idea as we would lose traceability of existing bugs and smells we could eventually plan to fix one day.

In such cases, what's the best approach to be taken?

1
sonarqube
Could you give an example? Did you only run an analysis or did you change also a code section including this problem? - Jeroen Heier
After the upgrade, I did an analysis and code in files that have not been changed in a long time (since 2015, some even 2012) had new bugs and code smells connected to them, which caused our Quality Gate to fail. I assume they are the effect of new rules introduced after v. 6.0, but I'm not certain. - Rafael Costa
Example: in a code back from 2012, in a file that has not changed since then, we have had a "Inappropriate casts should not be made" (csharpsquid:S1944) appearing. There are many other smells and bugs with different rules, please let me know if you think they need to be enumerated. - Rafael Costa

1 Answers

0
votes

Just adding an answer here just in case someone may be interested.

The approach I took was to mark all resurfaced debt as won't fix and adding a specific comment to it (could possibly have used a tag too).

Now that we changed to another leak period, I simply reopened all the issues with that specific comment and as expected they all got related to the old technical debt, not the new leak period.