From 4e232156aab47f195c3558757df2b87a7153cfea Mon Sep 17 00:00:00 2001
From: michaelbirnstiehl <michael.birnstiehl@sonarsource.com>
Date: Mon, 22 Mar 2021 13:43:28 -0500
Subject: [PATCH] SONAR-14623 Add documentation about accepting plugin risks

---
 .../instance-administration/marketplace.md    |  7 ++--
 .../src/pages/setup/install-cluster.md        |  2 +-
 .../src/pages/setup/install-plugin.md         | 34 +++++++++++++------
 .../src/pages/setup/upgrade-notes.md          |  5 ++-
 4 files changed, 34 insertions(+), 14 deletions(-)

diff --git a/server/sonar-docs/src/pages/instance-administration/marketplace.md b/server/sonar-docs/src/pages/instance-administration/marketplace.md
index 13ec3a844e4..239b962e13b 100644
--- a/server/sonar-docs/src/pages/instance-administration/marketplace.md
+++ b/server/sonar-docs/src/pages/instance-administration/marketplace.md
@@ -3,6 +3,9 @@ title: Marketplace
 url: /instance-administration/marketplace/
 ---
 
+[[info]]
+| You can only install and update plugins from the Marketplace in SonarQube Community Edition. With commercial editions, you need manually install and update your plugins. See [Install a Plugin](/setup/install-plugin/) for more information.
+
 Administrators can access the Marketplace via **[Administration > Marketplace](/#sonarqube-admin#/admin/marketplace)**. The Marketplace is the place for keeping the pieces of the SonarQube platform up to date. It lets you:
 
 See
@@ -34,11 +37,11 @@ Restarting SonarQube can be done manually from the command line by running `sona
 * in the System Info page at any time
 
 ## Manual Updates
-If your server doesn't have internet access, you won't be able to rely on the Marketplace for plugins, and will have to handle plugin installations and upgrades manually.
+If you're using a commercial edition or your server doesn't have internet access, you won't be able to rely on the Marketplace for plugins, and you will have to handle plugin installations and upgrades manually.
 
 To see what plugins are available and which version of a plugin is appropriate for your server, use the [plugin version matrix](/instance-administration/plugin-version-matrix/), which is kept up to date with current plugin availability and compatibility.
 
-To install a plugin, simply download it using the manual download link on the plugin documentation page, place it in _$SONARQUBE-HOME/extensions/downloads_, and restart the server.
+To install a plugin, simply download it using the manual download link on the plugin documentation page, place it in `$SONARQUBE-HOME/extensions/plugins`, and restart the server.
 
 ### Stopping the Marketplace from searching for plugin updates
 Your SonarQube server needs internet access for the Marketplace to search for plugin updates. If your server doesn't have internet access, you may get errors in your logs when the Marketplace tries to search for new plugins. You can stop this by updating `sonar.updatecenter.activate` in `$SONARQUBE-HOME/conf/sonar.properties`.
diff --git a/server/sonar-docs/src/pages/setup/install-cluster.md b/server/sonar-docs/src/pages/setup/install-cluster.md
index 05400cff104..a16e68c04a9 100644
--- a/server/sonar-docs/src/pages/setup/install-cluster.md
+++ b/server/sonar-docs/src/pages/setup/install-cluster.md
@@ -187,7 +187,7 @@ The following is an example of the default SonarQube cluster installation proces
 
 1. On a single application node of the cluster, download and install SonarQube Data Center Edition, following the usual [Installing the Server](/setup/install-server/) documentation.
 2. Add cluster-related parameters to `$SONARQUBE_HOME/conf/sonar.properties`.
-3. As the Marketplace is not available in SonarQube Data Center Edition, this is a good opportunity to install additional plugins. Download and place a copy of each plugin JAR in `$SONARQUBE_HOME/extensions/plugins`.  Be sure to check compatibility with your SonarQube version using the [Plugin Version Matrix](https://docs.sonarqube.org/display/PLUG/Plugin+Version+Matrix).
+3. This is also a good opportunity to install plugins. Download and place a copy of each plugin JAR in `$SONARQUBE_HOME/extensions/plugins`.  Be sure to check compatibility with your SonarQube version using the [Plugin Version Matrix](https://docs.sonarqube.org/display/PLUG/Plugin+Version+Matrix).
 4. Zip the directory `$SONARQUBE_HOME`. This archive is a customized SonarQube Data Center Edition package that can be copied to other nodes.
 
 **Test configuration on a single node:**
diff --git a/server/sonar-docs/src/pages/setup/install-plugin.md b/server/sonar-docs/src/pages/setup/install-plugin.md
index 687920b1a12..8e414b2ac16 100644
--- a/server/sonar-docs/src/pages/setup/install-plugin.md
+++ b/server/sonar-docs/src/pages/setup/install-plugin.md
@@ -5,28 +5,42 @@ url: /setup/install-plugin/
 
 There are two ways to install plugins in SonarQube:
 
-- **Marketplace** - Automatically installs plugins from the SonarQube UI. 
-- **Manual Installation** - You can use this method if your SonarQube instance doesn't have Internet access, if you're using Data Center Edition, or if the plugin isn't in the Marketplace.
+- **Marketplace** - With Community Edition, you can use Marketplace to automatically install plugins from the SonarQube. With commercial editions, you can browse plugins in the Marketplace, but you need to manually install and update your plugins.
+- **Manual Installation** - You need to manually install plugins when using commercial editions of SonarQube. You can also manually install plugins if your SonarQube instance doesn't have internet access or the plugin you're installing isn't in the Marketplace.
 
 [[warning]]
-| Installing third-party plugins is inherently risky. You must acknowledge this risk before you install or update plugins.
+| Installing third-party plugins is inherently risky. A SonarQube administrator needs to acknowledge this risk in the Marketplace before installing plugins or when prompted in SonarQube after installing a plugin manually.
 
-## Marketplace
+## Installing plugins from the Marketplace
 
-If your SonarQube instance has access to the Internet, and you're connected with a SonarQube user with the **Administer System** global permission, you can find the Marketplace at **Administration > Marketplace**. From here:
+[[info]]
+|You can only install and update plugins from the Marketplace in SonarQube Community Edition. With commercial editions, you need manually install and update plugins.
+
+If your instance has internet access and you're connected with a SonarQube user with the **Administer System** global permission, you can find the Marketplace at **Administration > Marketplace**. From here:
 
 - Find the plugin you want to install
 - Click **Install** and wait for the download to be processed
 
 Once the download is complete, a **Restart** button will be available to restart your instance.
 
-See [Marketplace](/instance-administration/marketplace/) for more details on how to configure your SonarQube Server to connect to the Internet.
+See [Marketplace](/instance-administration/marketplace/) for more details on how to configure your SonarQube Server to connect to the internet.
+
+## Manual installing plugins
 
-## Manual Installation
+To manually install a plugin:
 
-Download the plugin you want to install. The version needs to be compatible with your SonarQube version.  
+1. Download the plugin you want to install. The version needs to be compatible with your SonarQube version.
+2. Put the downloaded jar in `$SONARQUBE_HOME/extensions/plugins`, and remove any previous versions of the same plugins.
+3. Restart your SonarQube server.
 
-Put the downloaded jar in `$SONARQUBE_HOME/extensions/plugins`, removing any previous versions of the same plugins.
+## Uninstalling plugins
 
-Once done, you need to restart your SonarQube server.
+To uninstall a plugin from the Marketplace (**Administration > Marketplace**):
+1. Sort the **Plugins** list by installed plugins by selecting **Installed** above the list.
+2. Find the plugin you want to uninstall.
+3. Click the **Uninstall** button to the right of the plugin information.
+4. Restart your SonarQube server.
 
+To uninstall a plugin manually:
+1. Delete the plugin from the `$SONARQUBE-HOME/extensions/plugins` folder.
+2. Restart your SonarQube server.
\ No newline at end of file
diff --git a/server/sonar-docs/src/pages/setup/upgrade-notes.md b/server/sonar-docs/src/pages/setup/upgrade-notes.md
index 25b4a0205d0..15ebd607d68 100644
--- a/server/sonar-docs/src/pages/setup/upgrade-notes.md
+++ b/server/sonar-docs/src/pages/setup/upgrade-notes.md
@@ -2,10 +2,13 @@
 title: Release Upgrade Notes
 url: /setup/upgrade-notes/
 ---
-## Release 8.9 Upgrade Notes
+## Release 8.9 Upgrade Notes  
 **GitHub Enterprise compatibility**  
 SonarQube 8.9 only supports GitHub Enterprise 2.21+ for pull request decoration (the previous minimum version was 2.15).
 
+**Third-party plugins require risk consent**  
+If you are using third-party plugins, a SonarQube administrator needs to acknowledge the risk involved with third-party plugins when prompted in SonarQube after upgrading. ([MMF-2301](https://jira.sonarsource.com/browse/MMF-2301)).
+
 ## Release 8.8 Upgrade Notes  
 **CSS analysis now requires Node.js 10+**  
 In order to analyze CSS code, you now need to have Node.js 10+ installed on the machine running the scan.
-- 
2.39.5