All imported generic issues are given a MEDIUM severity despite specifying rule severities

I am running SonarQube 10.3 and sonar-scanner 5.0.1.3006.
I would like to be able to define my own issue severities and have them displayed accordingly on the SonarQube UI, but it seems all issue severities are defaulting to MEDIUM.

I have this issue in a generic issue import format:

{
    "rules": [
        {
            "id": "B307",
            "name": "eval - use of possible insecure function",
            "engineId": "bandit",
            "cleanCodeAttribute": "FORMATTED",
            "impacts": [
                {
                    "softwareQuality": "MAINTAINABILITY",
                    "severity": "HIGH"
                }
            ]
        },
        "issues": {
            {
            "engineId": "bandit",
            "ruleId": "B307",
            "primaryLocation": {
                "filePath": "/tmp/repo/bandit/main.py",
                "textRange": {
                    "startLine": 36,
                    "startColumn": 5
                },
                "message": "Use of possibly insecure function - consider using safer ast.literal_eval."
            }
        },
}

Why is it that when I import this issue, the severity shows up as MEDIUM?

The issue was fixed by changing the engineId to one that isn’t recognized by SonarQube.

I wish this behavior was documented, took many hours to figure this out.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.