(Not the OP). The security hotspots are generating build warnings, so since SQ introduced those, we now have a permanent set of build warnings. We can review them in SonarCloud and close them, but they remain in the build output and keep cluttering the build output with needless warnings. This makes digesting the build output hard, because it will contain a mixture of build warnings that need to be resolved, and build warnings that “we’re not supposed to see”. I’d love to hear a solution for this.
First: things have evolved a bit since March regarding hotspots and how they are displayed to developers.
Then, could you specify a few things: What do you mean by “build warnings”? Which build technology are you using (and targeting which language)?
We’re using MSBuild on Azure DevOps. So these security hotspots will show up as build warnings in the logs, as well as the summary. Going over the build logs is now close to impossible due to all the clutter caused by SonarLint:
I moved the posts to the new topic, as I think this is another subject specific to Azure DevOps which should be discussed separately.
It looks like the security hotspots just emit regular build warnings, which makes me think it is not specific to Azure DevOps. Could be wrong though. Anyway, I would love to hear a solution to this.
Is there any solution for this problem?