Can't view security hotspots

No errors are present in any of the log files.

Can you please help?

Hi,

Welcome to the community, and thanks for this report.

Can you share what languages are in this project, and also any 3rd-party plugins you’ve installed?

 
Ann

  • PHP language
  • only plugins from the marketplace

Hello,

Plugins from the marketplace are not all maintained by SonarSource and a lot of them are contributed by the community. It is possible that one of them is not feeding the expected data since the Security Hotspots UI is new.

Do you reproduce the problem with a vanilla SonarQube CE instance downloaded from https://www.sonarqube.org/downloads/?

In all cases, sharing your System Info file with the list of plugins installed would help: https://docs.sonarqube.org/latest/instance-administration/system-info/

Would you also be able to share a link to a project we could analyze to reproduce the problem?

Thanks
Alex

I’ve attached the system info file as requested.

sonarqube-support-info-1AD9A096-AXOZMX6-oeYvHxIODRcK-2020-8-20-10-36.json (25.6 KB)

Is there a way to identify which plugin is causing issues?

I suggest that you remove the “ansible”: “2.3.0 [Ansible Lint]” plugin that is the only analyzer/plugin not provided by SonarSource, restart SQ and re-analyze your project to see if this is the root cause of the problem.

I’ve removed the ansible plugin and analysed the project again but still the same error

Hello,

The Ansible Plugin is not the root cause. The problem is coming from missing line information on Security Hotspots raised on .ini files.
As a temporary workaround, I suggest that you exclude .ini files from the scope of your analysis and you should be able to access the Security Hotspots page.

Alex

OK, but is it something that will be fixed in an upcoming SonarQube release or what?

Yes, I confirm this is something we want to fix. What I shared with you is a temporary workaround to unlock you.

Hello,

Here is the ticket to follow the resolution of this problem: https://jira.sonarsource.com/browse/SONAR-13790

Thanks
Alex

I have seen something similar when I tried to import OWASP reports from the Dependency Check plugin.
The root cause in this case was that the violation pointed to a source file that was not included among “sonar.sources”. In my case the build.gradle files.

For me it worked after changing:

property "sonar.sources", "src/main"

to

property "sonar.sources", "src/main,build.gradle"
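
The two root causes reported in this thread (findings with no line information, and findings on files outside `sonar.sources`) can be checked for with a short script. This is an added example, not code from any participant or from SonarSource; the sample findings are constructed, and the field names `component` and `line` are assumptions for the illustration.

```python
from collections import Counter
from pathlib import PurePosixPath

# Constructed sample findings; the field names "component" and "line" are
# assumptions for this example, not a documented SonarQube schema.
SAMPLE_FINDINGS = [
    {"component": "src/main/php/Login.php", "line": 42},
    {"component": "src/main/config/app.ini"},              # no line recorded
    {"component": "src/main/config/db.ini", "line": None},  # explicit null line
    {"component": "build.gradle", "line": 17},              # outside src/main
]


def in_sources(path, sources):
    """True if path equals, or lies under, one comma-separated sonar.sources entry."""
    p = PurePosixPath(path)
    for entry in sources.split(","):
        root = PurePosixPath(entry.strip())
        if p == root or root in p.parents:
            return True
    return False


def triage(findings, sources):
    """Return (paths of findings lacking a line, paths outside sonar.sources)."""
    no_line = [f["component"] for f in findings if f.get("line") is None]
    outside = [f["component"] for f in findings
               if not in_sources(f["component"], sources)]
    return no_line, outside


def exclusion_patterns(paths):
    """One **/*.ext glob per file extension seen, most frequent first."""
    suffixes = (PurePosixPath(p).suffix for p in paths)
    counts = Counter(s for s in suffixes if s)
    return [f"**/*{ext}" for ext, _ in counts.most_common()]


if __name__ == "__main__":
    no_line, outside = triage(SAMPLE_FINDINGS, "src/main")
    print("missing line info:", no_line)
    print("candidate sonar.exclusions:", ",".join(exclusion_patterns(no_line)))
    print("outside sonar.sources:", outside)
```
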