Custom Security Hotspot rules can no longer be created be created from templates

SonarQube version: 10.6
How SonarQube is deployed: zip
What I’m trying to achieve: Create a custom Security Hotspot rule from a template.
What I’ve tried so far to achieve this: Use the standard “Create Custom Rule” dialogue.

We frequently create custom Security Hotspots from template rules (like reviewing particular types or methods which we consider to be security-sensitive).

It looks like this use-case was broken recently when you guys redesigned the “Create Custom rule” to remove the now-deprecated issue types.

Now all we get is Category, Attribute, Software Quality, and Severity.

This all looks like Issue terminology, with no Security Hotspots in sight.
To my knowledge, Security Hotspots are meant to be first-class citizens in SonarQube and are not deprecated, so I’m finding that pretty surprising.

How can we make new custom Security Hotspots?

Worse, I can’t edit the (many) custom Security Hotspot rules that we already have.
The Save button is disabled in the Update Custom Rule dialogue, with no explanation.

This is quite a serious breaking change for us.

Bump, I guess? :person_shrugging:

Bump.

Hi @Jonah_IntegraDev ,

I’m sorry for the delay in answering you on this. We are looking into it and will come back to you.

John

Hi @Jonah_IntegraDev ,

I’m sorry, it looks like we broke this by mistake.

Could you say a bit more about the steps you were going through here when this used to work please?

  • Are you working via the UI or APIs?
  • Is this being done with a custom plugin?
  • Which rule template are you using?

Thank you

John

Hi John,

  1. Working via the UI.
  2. Custom plugin (communitydelphi).
  3. It’s a template rule (ForbiddenType).

There used to be an option to select the rule type in the Create Custom Rule UI, with Security Hotspot being one of those rule types. There is no equivalent functionality in the new UI.

Cheers,
Jonah

Thank you @Jonah_IntegraDev we will look into fixing this.

1 Like