Filter hotspots and vulns that are not processed

In order to know what warnings needs to be taken care of and adressed it would be good to have some way of just viewing the security hotspots and vulnerabilities that are “new” in the sense that no one is assigned or there’s no jira for it. We are several teams that work in the same Sonarcube projects at our company. We go through all issues in Sonarcube and distribute the work by creating jiras and putting them in each teams backlog.

The use case above could perhaps be resolved by adding another button in the “filters” part of the security hotspots which just says “unassigned” or make a dropdown for an “assignee”-filter.

Another way could be to add a status called “in progress” or something, so we could put all issues that has a jira for them “in progress”, and only look at issues with status “new” or something similar to it.

This would help us enormously as we need some way of filter new issues that has not had a jira created for them yet.

Thanks for considering this!

Hell @Josefin_Scott,

For the use case of being able to identified Hotspots “In Progress” to be fixed, we are planning to provide a solution as described in this card. This should come hopefully with SonarQube 9.4

I’ve got the feeling that once this new status will be there, it will also solve your filtering problem because won’t need anymore to filter to find Unassigned Hotspots and you will be able to rely only on “To Review”.


That’s great news! And yes, it would solve our use case. Do you know of when ish 9.4 is released?

SonarQube is released every 2 months, so it should be end of March 2022 for SQ 9.4