which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
Version 6.7.5 (build 38563)
what are you trying to achieve
Trying to ignore particular false positives, while not excluding the entire rule or the entire source file from sonar.
what have you tried so far to achieve this
I have run sonarqube with the following:
mvn sonar:sonar
And I often get false positives, like this one:
'PASSWORD' detected in this expression, review this potentially hard-coded credential
Where I am clearly not having an issue:
private final static String GENERATE_PASSWORD_PATTERN = "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=])(?=\\S+$).{8,}$";
There are many other examples, such as it complaining about unused methods that are actually used only via reflection.
Is there a way to mark a specific, exact false positive and ignore it via configuration? I envision some way to add those exclusions to a file checked into Git that is reviewed by a manager/lead to verify it is a valid false positive and ok to ignore.
Your best option here is to mark them False Positive via the UI.
Alternately, if for example you notice that all of the issues raised by S007 in a certain package are false positives, you can set a multi-criteria issue exclusion to selectively turn the rule off for that subset of code.
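An added illustration of the multi-criteria exclusion mentioned above (example configuration, not from this thread or from SonarSource's docs). Since the build runs through `mvn sonar:sonar`, the properties are shown in the `pom.xml` `<properties>` block, where they are committed and reviewable in Git; the same keys work in `sonar-project.properties`. The rule key `squid:S2068` is assumed to be the hard-coded-credential rule on this version (confirm it from the rule link on the issue in the UI), and the second rule key and both file paths are placeholders:

```xml
<!-- pom.xml excerpt (added example). Each id listed in sonar.issue.ignore.multicriteria
     needs a matching .ruleKey and .resourceKey; resourceKey is an Ant-style path pattern
     relative to the project base directory. -->
<properties>
  <sonar.issue.ignore.multicriteria>e1,e2</sonar.issue.ignore.multicriteria>

  <!-- e1: ignore the hard-coded credential rule (assumed key squid:S2068)
       only in the class that holds the password-strength regex, not project-wide -->
  <sonar.issue.ignore.multicriteria.e1.ruleKey>squid:S2068</sonar.issue.ignore.multicriteria.e1.ruleKey>
  <sonar.issue.ignore.multicriteria.e1.resourceKey>**/security/PasswordPolicy.java</sonar.issue.ignore.multicriteria.e1.resourceKey>

  <!-- e2: ignore the unused-method rule (placeholder key, copy the real one from the issue)
       under the one package whose methods are invoked by reflection -->
  <sonar.issue.ignore.multicriteria.e2.ruleKey>squid:RULE_KEY_FOR_UNUSED_METHODS</sonar.issue.ignore.multicriteria.e2.ruleKey>
  <sonar.issue.ignore.multicriteria.e2.resourceKey>**/reflection/handlers/*.java</sonar.issue.ignore.multicriteria.e2.resourceKey>
</properties>
```

The exclusion is scoped to one rule in one file or package, so the credential rule keeps firing everywhere else; widening `resourceKey` to `**/*.java` would be the same as disabling the rule. For a single line, a trailing `// NOSONAR` comment also suppresses issues, but it silences every rule on that line, which is harder for a reviewer to audit than a named rule/path pair in the build file.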
Hi @ganncamp thanks for the info. Can you expand a bit on the “mark them false positive via the UI”?
That’s basically what I was looking for but cannot find how to do.
I can mark it false positive for my own build project, but will the next developer who runs it see the same failure? Because I cannot have it doing that.
An issue marked FP will stay marked FP (and so not included for instance in your Open issue counts) as long as the issue tracking mechanism finds that they’re still present in the code. For details, see the ‘Understanding which issues are “New”’ topic in the docs.
As for how to mark them FP, if you have the Administer Issues permission on the project, that option should be available to you in the interface: