Hotspot remains after rule removed from quality profile

My Hotspots page shows an entry for Disabling resource integrity features is security-sensitive, even though I’ve removed the corresponding rule from my quality profiles.

The hotspot was triggered on a PHP file that generates HTML and JavaScript. All three of those languages have custom profiles applied, and none of those profiles include the rule.

The rule was part of the built-in profile and was applied when the project was created. Since it’s just one rule, I could manually mark it as safe, but that won’t work for the larger projects that I’m planning to create in the future.

IIRC, other hotspots were removed automatically when I removed their rules from my profile, but for some reason this one wasn’t.

It looks like I had to push an (unrelated) commit to the repo in order for the SonarCloud UI to update. That doesn’t make any sense to me, since the actions I took happened inside SonarCloud and were independent of the repo, but :man_shrugging:t2:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.