Difference b/w 'Resolve as false Positive'/'Won't fix' ; 'Safe'/'Fixed' on new Build runs

Hi,

Please clarify for me the difference between choosing the options ‘Resolve as false Positive’/‘Won’t fix’.

It’s confusing to me most times.

Let's say I am creating pull request PR1 for devABCBranch1 ==> itemBranchABC in Azure. In the pull request analysis during the Azure CI build run, SonarQube throws a few bugs in the dashboard. Imagine I marked a few as Resolve as false-positive; my questions are:

Does it re-appear if I re-queue the same build on PR1?
Does it re-appear in another build that runs on the master branch after the merge?

Let’s say, for the same results, I marked a few others as Won’t Fix; my questions are:

Does it re-appear if I re-queue the same build on PR1?
Does it re-appear in the other build runs on the master branch after the merge?

Similarly,

If I marked the security hotspot as Safe

Does it re-appear if I re-queue the same build on PR1?
Does it re-appear in the other build that runs on the master branch after the merge?
Is this type of security hotspot thrown in different files on some different code?

If I mark the security hotspot as Fixed

Does it re-appear if I re-queue the same build on PR1?
Does it re-appear in the other build runs on the master branch after the merge?
Is this type of security hotspot thrown in a different file on some different code?

Hi,

Welcome to the community!

False Positive/Won’t Fix/Safe resolutions are (should be) persistent from analysis to analysis, so the answer to your question about reanalyzing a PR is no, they won’t reappear.

Issues marked FP/WF/Safe in a PR won’t (shouldn’t) reappear in the branch you merge the PR into.

Issues marked FP/WF/Safe in one branch will still appear in other branches with the same code. We don’t track across branches.

 
HTH,
Ann

Thanks @Ann for the clarification.

You didn’t answer the last part of my question: choosing “Fixed” for the security hotspot. Is it the same as choosing “Safe”? Do the same rules apply to it?

Hi,

Yes. I was just too lazy to type “FP/WF/Safe/Fixed”.

And before you (re)ask me:

Yes, of course. Why wouldn’t it?

 
Ann

Thanks for your clarifications! :slight_smile: