Hi Sonar community,
We are a small organisation using SonarQube Developer Edition for maintaining code quality in our organisation. But recently we discovered users have the option to change code smells to "Resolve as fixed".
That's a huge problem, as all users are using it to bypass Sonar. We tried restricting users, but even basic Sonar users are able to modify a code smell in Sonar. Please help.
It sounds like you have a user problem as well as a software problem. If your developers don’t want to use SonarQube… they aren’t going to use SonarQube no matter what permissions you enforce.
That said, “Resolve as Fixed” only resolves the issue until the next analysis, when it will be reopened if the issue still exists. If that sounds weird, you’re right, and we plan on removing this option entirely in a future release (no ETA yet).
In good news, though, we hope to have a change implemented before our upcoming LTS (just a few weeks away!) which will require “Administer Issues” permission to mark issues with “Resolve as Fixed”: SONAR-11923. Sounds like the change you need.