Get Notifications When an Issue is Marked as 'False Positive' or 'Won't Fix'

Hi,

We would like to get set up notifications whenever an Issue is marked as ‘False Positive’ or ‘Won’t Fix’.

I know this feature is available on the UI where you can do it on a per-project basis, but this is not feasible for us since we have a 100’s of projects, and it is not feasible to do this one-by-one.

Hi,

Welcome to the community!

Would you mind explaining why you need this notification?

 
Ann

We need this notification so as to have visibility on the issues that are marked as won’t fix or false positive. Sometimes, a legit security vulnerability might be marked as a false positive by the project owner (e.g. developer), making it fly under the radar and might lead to a security breach.

1 Like

Another reason why we need this is also to fine-tune our rules so that developers don’t have to mark issues as false positives all the time.

Is this feature available?

Hi,

I thought that by putting your request in the “Product Manager for a Day” category it was implicit that you understood that the feature doesn’t exist.

You can use the APIs to script the product-by-product subscription, though.

 
HTH,
Ann

I didn’t see that.

Thanks for the response.

Which API endpoint can I use to pull a list of all the projects on the sonarqube instance? I have skimmed through the API page but can’t seem to locate the right endpoint.

Hi,

Have you tried this via the UI? The best way to master the API is to perform the desired action via the UI and eavesdrop to see which calls the UI made to accomplish the action.

You may also find this guide helpful.

 
HTH,
Ann

Thanks for the prompt response.

Just found it on this endpoint: api/components/search?qualifiers=TRK

Thanks to this: Get all Projects names in your SonarQube server - Stack Overflow