Email Notification did not show the Security Vulnerability correct count

Joseph_Prabhu_C · September 14, 2022, 5:21pm

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): 8.9.6
what are you trying to achieve : Security Vulnerability Notification on scanning
what have you tried so far to achieve this

Colin · September 15, 2022, 8:45am

Hey there.

You’ll have to provide some more details. What notification did you receive, and what the discrepancy? Additional information like screenshots are invaluable here.

Joseph_Prabhu_C · September 15, 2022, 1:19pm

We have email notifications enabled in SonarQube, which basically shows the # of bugs, vulnerabilities and code smells identified in the scan. This email notification had the vulnerability count as 0, however One security vulnerability was identified in the sonar scan, the vulnerability is " XML parsers should not be vulnerable to XXE attacks".

Colin · September 16, 2022, 8:29am

Can you share a screenshot of the e-mail notification, and of your project dashboard showing conflicting information?

Joseph_Prabhu_C · September 16, 2022, 1:34pm

In this screenshot vulnerability is shown as 0, but once after this scan the vulnerability count in the dashboard is 1