Bulk change assignee on security hotspots review

Hello,

I’m using SonarQube 8.9.1 LTS (upgrade to 8.9.4 in progress).

I can’t find a way to bulk change assignee in the security hotspots review tab. I can only do it one by one. Do you know if there is a (rather simple) way to do a bulk change of every assignee in Security Hotspots?

Thank you.
Florent

1 Like

Hi Florent,

I’ve moved this to the ‘Suggest new features’ category since the functionality doesn’t already exist.

BTW, would you mind explaining your use case?

 
Thx,
Ann

I’m using SonarQube 8.9.4, and it would be great to have similar Bulk options for Security Hotspots as you do for handling normal issues.

We have a process whereby Security Hotspots are raised by developers for review and/or mitigation by a Code Quality team. Often, there are multiple similar false positives which could be quickly bulk commented and mitigated. For instance, if you have some XmlProcessing code, quite often you’ll have multiple “Using http protocol is insecure. Use https instead.” on the namespace attributes. The process would be much neater and easier to handle if one comment/decision could apply to multiple similar false positives.

3 Likes

+1 on allowing bulk changes

At the moment I’m updating 100s of almost-identical hotspots, and it’s painstakingly slow, which could be helped by

  • having keyboard shortcuts for every step of the process (change status → safe, which should move keyboard focus to the comment → change status), removing the animation around the ‘Security Hotspot was successfully changed to Safe’ popup → continue reviewing.
  • the UI shouldn’t be designed in a way such that when the change status is clicked, the dropdown panel obscures the code that you’re reviewing

But if we could bulk update hotspots that would be a much better solution

( Community Edition, v 9.6.1 )

1 Like

@DaveMercer I believe we fixed most of the FPs related to “namespace attributes” + “use of http”. If you still see a problem with SQ 9.7, don’t hesitate to create a dedicated thread here.

@knoxg If you have 100s of Hotspots to review on a single project very often, it probably means that we are raising too much. Can you share in a dedicated thread examples of Hotspots that are noisy and force you to review 100s of them?

Note: I shared your feedback about the missing shortcuts, popups, etc… with our UX Team.

Alex

2 Likes

Hi Alex

Thanks for passing that on to the UX team. Have raised a separate issue for the noisy hotspot warnings here: Hotspot suggestions (polynomial runtime regex)

Cheers,
gk