Hey SonarQube Community!
I’m currently using SonarQube v8.8 and third-party scanners like gitleaks and semgrep.
Whenever I send a report from one of the third-party scanners to SonarQube, the issue cannot be marked as FP (False Positive).
Adding some more information - we are using the external scanners to get the result and format the report to the generic issue import format.
After reading the Sonar docs, I’ve noticed that there is no way to mark an external issue as FP.
Can anyone maybe suggest an alternative for this need?
You’re right; there’s no way to manage external issues within SonarQube. The thinking is that the configuration for those issues is managed externally to SonarQube and so it doesn’t make sense to manage the issues internally.
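
Since external issues have to be managed outside SonarQube, one place to do that is the conversion step that builds the generic issue import report. The sketch below is an added example, not code from this thread or from SonarQube: the normalized finding fields, the fingerprint scheme and the suppression set are assumptions, and only the output keys follow the generic issue import format.

```python
import hashlib
import json

def fingerprint(f):
    """Stable ID for a finding. Hashes engine, rule, file and matched text but
    not the line number, so a suppression survives edits that shift lines."""
    raw = "|".join([f["engine"], f["rule"], f["file"], f["match"].strip()])
    return hashlib.sha256(raw.encode()).hexdigest()[:16]

def to_generic_issues(findings, suppressed):
    """Build the generic issue report, leaving out findings whose fingerprint
    is in the externally maintained suppression set (triaged false positives)."""
    issues, dropped = [], []
    for f in findings:
        fp = fingerprint(f)
        if fp in suppressed:
            dropped.append(fp)  # keep a record of what was filtered
            continue
        issues.append({
            "engineId": f["engine"],
            "ruleId": f["rule"],
            "severity": f.get("severity", "MAJOR"),
            "type": "VULNERABILITY",
            "primaryLocation": {
                # fingerprint goes into the message so it can be copied
                # into the suppression list after triage
                "message": f"{f['message']} [fp:{fp}]",
                "filePath": f["file"],
                "textRange": {"startLine": f["line"]},
            },
        })
    return {"issues": issues}, dropped

# Constructed sample findings in a hypothetical normalized shape (not a scanner's
# native schema); each scanner's output would be mapped to this shape first.
FINDINGS = [
    {"engine": "gitleaks", "rule": "generic-api-key", "file": "tests/fixtures/dummy.env",
     "line": 3, "match": "API_KEY=EXAMPLE-NOT-A-REAL-KEY", "message": "Possible API key"},
    {"engine": "semgrep", "rule": "example.sql-concat", "file": "app/db.py",
     "line": 41, "match": "cur.execute(\"SELECT * FROM t WHERE id=\" + uid)",
     "message": "SQL built by string concatenation", "severity": "CRITICAL"},
]
# Constructed suppression set: the test fixture was triaged as a false positive.
SUPPRESSED = {fingerprint(FINDINGS[0])}

if __name__ == "__main__":
    report, dropped = to_generic_issues(FINDINGS, SUPPRESSED)
    print(json.dumps(report, indent=2))
    print("suppressed:", dropped)
```

The suppression set would normally live in a reviewed file in the repository, so each false-positive decision has an author and a history.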