Hey SonarQube Community!
I’m currently using SonarQube v8.8 and third-party scanners like gitleaks and semgrep.
Whenever I send a report from one of the third-party scanners to SonarQube, the issue cannot be marked as FP (False Positive).
Adding some more information - we are using the external scanners to get the result and format the report to the generic issue import format.
After reading the Sonar docs, I’ve noticed that there is no way to mark an external issue as FP.
Can anyone maybe suggest an alternative for this need?
Welcome to the community!
You’re right; there’s no way to manage external issues within SonarQube. The thinking is that the configuration for those issues is managed externally to SonarQube and so it doesn’t make sense to manage the issues internally.
Thanks for the quick response!
Do you know if this feature is going to be added despite that fact in the near future?
> The thinking is that the configuration for those issues is managed externally
There was talk of that at one point, but it died down and AFAIK hasn’t been resurrected.
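Since external issues are managed outside SonarQube, one place to handle false positives is the conversion step that produces the generic issue import report. The sketch below is an added example, not part of the thread or of SonarQube: the suppression-list layout, rule IDs and file paths are constructed assumptions, while the issue fields follow the generic issue import format.

```python
import fnmatch
import json

def matches(issue, rule):
    """True when a suppression entry covers an issue in generic import format."""
    loc = issue["primaryLocation"]
    if issue["engineId"] != rule["engineId"] or issue["ruleId"] != rule["ruleId"]:
        return False
    if not fnmatch.fnmatch(loc["filePath"], rule["filePath"]):
        return False
    # startLine is optional in a suppression; when given it must match exactly.
    line = rule.get("startLine")
    return line is None or loc.get("textRange", {}).get("startLine") == line

def filter_report(report, suppressions):
    """Split a report into issues to import, issues dropped, and unused entries."""
    kept, dropped, used = [], [], set()
    for issue in report["issues"]:
        hit = next((i for i, r in enumerate(suppressions) if matches(issue, r)), None)
        if hit is None:
            kept.append(issue)
        else:
            used.add(hit)
            dropped.append({"issue": issue, "reason": suppressions[hit]["reason"]})
    # Entries that matched nothing are stale and should be reviewed or deleted.
    stale = [r for i, r in enumerate(suppressions) if i not in used]
    return {"issues": kept}, dropped, stale

def sample(engine, rule, path, line):
    """Build one constructed finding in the generic issue import format."""
    return {"engineId": engine, "ruleId": rule, "severity": "MAJOR",
            "type": "VULNERABILITY",
            "primaryLocation": {"message": "constructed finding", "filePath": path,
                                "textRange": {"startLine": line}}}

# Constructed report, as if already converted from scanner output.
REPORT = {"issues": [
    sample("gitleaks", "example-secret-rule", "tests/fixtures/fake_keys.py", 3),
    sample("gitleaks", "example-secret-rule", "src/config.py", 12),
    sample("semgrep", "example-sqli-rule", "src/db.py", 40)]}
# Hypothetical suppression list kept in the repository and reviewed like code.
SUPPRESSIONS = [
    {"engineId": "gitleaks", "ruleId": "example-secret-rule",
     "filePath": "tests/fixtures/*", "reason": "dummy keys used by unit tests"},
    {"engineId": "semgrep", "ruleId": "example-sqli-rule", "filePath": "src/db.py",
     "startLine": 99, "reason": "query is parameterized"}]

if __name__ == "__main__":
    to_import, dropped, stale = filter_report(REPORT, SUPPRESSIONS)
    print(json.dumps({"import": to_import, "dropped": dropped, "stale": stale}, indent=2))
```

The second suppression pins a line number that no longer matches, so it is reported as stale and the finding is still imported, which is the safe direction for a suppression that has drifted.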