Hi all,
We have a CI/CD pipeline that includes SonarQube analysis as part of our PR validation process. If any issues are detected by SonarQube—bugs, vulnerabilities, code smells, or duplications—the pipeline blocks the PR from being pushed until the issues are resolved.
Our standard process involves a Sonar issue reviewer manually reviewing new findings and marking them as “Accepted”, “Won’t Fix”, or “False Positive” when appropriate. This works well for most issue types.
However, we’re occasionally encountering code duplication issues that are not truly duplications—either:
- The flagged blocks are structurally similar but semantically different.
- The duplication is intentional and safe (e.g., required for patterns or isolated use cases).
Unfortunately, it seems SonarQube does not allow marking code duplication issues as “Accepted” or “Won’t Fix”, nor can we suppress them using //NOSONAR.
We’d prefer not to resort to disabling duplication checks or excluding files from analysis, since this would affect broader coverage.
Could you please advise:
- Is there a way to override or approve duplication findings on a per-PR basis, similar to how we handle other issues?
- Can a temporary threshold adjustment or manual override allow this PR to proceed?
We’re looking for a clean way to resolve this without weakening our overall duplication detection policy.
Thanks for your help!
Best regards,
Eric