How do I prevent developers from bypassing SonarQube rules using NOSONAR
As mentioned in the SonarQube documentation (FAQ), an issue can be suppressed/bypassed by simply typing //NOSONAR at the end of the line. Since developers have write access to the code in a file, they are adding that word on every line.
Let's say we have a scenario:
There is a line of code that I want to mark as false positive or won't fix. What options do we have in SonarQube? As per my observation, issues marked as won't fix or false positive in a lower branch (for example, the Dev branch) get reopened in the higher UAT branch. We don't want to fix the same issues again and again, since they were already marked as false positive in the Dev branch ("lots of repetitive work"). If you suggest NOSONAR or @SuppressWarnings to bypass that line of code/file, then it is a loophole in SonarQube, because anybody can bypass the Sonar analysis.
We need a more granular way of doing it.
I need your attention on "how do we prevent developers from using NOSONAR".
Adding Abhishek for follow-up.
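One defensive option that does not depend on SonarQube itself is to make suppression markers visible at review time: a CI step that scans the source tree, or just the added lines of a pull request's diff, for `NOSONAR` comments and `@SuppressWarnings` annotations, lists them, and fails the build when there are more than the team has agreed to accept. The following script is an added example written for this post; it is not part of the original question and not SonarQube's own tooling. It assumes the diff is in standard unified format (for example, the output of `git diff`), that the file-suffix list and the zero-marker budget are what a team would tune, and that any `@SuppressWarnings` is worth a reviewer's glance whether or not it names a Sonar rule key. The sample Java file and diff inside the block are constructed for the demonstration.

```python
"""Added example (not SonarQube's own tooling): a CI-side scan that reports
issue-suppression markers (NOSONAR comments and @SuppressWarnings annotations)
so that a reviewer, not the author of the line, decides whether they stay."""
import re
import sys
from pathlib import Path

# NOSONAR is matched case-sensitively, as SonarQube documents it, behind the
# common comment openers. Any @SuppressWarnings is reported too; whether it
# names a Sonar rule key is left to the reviewer (assumption of this example).
NOSONAR_RE = re.compile(r"(?://|#|/\*|--)\s*NOSONAR\b")
SUPPRESS_RE = re.compile(r"@SuppressWarnings\s*\(")
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def classify(line):
    """Return 'NOSONAR', 'SuppressWarnings' or None for one source line."""
    if NOSONAR_RE.search(line):
        return "NOSONAR"
    if SUPPRESS_RE.search(line):
        return "SuppressWarnings"
    return None


def find_suppressions(text, filename="<input>"):
    """Scan whole-file text; return (file, line_no, kind, stripped_line) tuples."""
    return [(filename, no, kind, line.strip())
            for no, line in enumerate(text.splitlines(), start=1)
            if (kind := classify(line))]


def find_in_diff(diff_text):
    """Scan only the added ('+') lines of a unified diff, reporting new-file
    line numbers, so the check fires on the change that introduced the marker."""
    findings, current_file, new_line = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):            # new-file header, strip 'b/' prefix
            current_file = raw[4:]
            if current_file.startswith("b/"):
                current_file = current_file[2:]
            continue
        if raw.startswith(("diff ", "index ", "--- ", "\\")):
            continue                          # other headers / no-newline marker
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))        # first new-file line of this hunk
            continue
        if raw.startswith("-"):
            continue                          # removed line: no new-file number
        if raw.startswith("+"):
            kind = classify(raw[1:])
            if kind:
                findings.append((current_file, new_line, kind, raw[1:].strip()))
        new_line += 1                         # added and context lines both advance
    return findings


def within_budget(findings, max_allowed=0):
    """Gate: True when the marker count does not exceed what the team accepts."""
    return len(findings) <= max_allowed


def scan_tree(root, suffixes=(".java", ".kt", ".js", ".ts", ".py", ".cs")):
    """Walk a source tree (assumed suffix list) and collect markers from every file."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            findings.extend(find_suppressions(path.read_text(errors="replace"), str(path)))
    return findings


# Constructed sample inputs (not real project code) for a stand-alone run.
SAMPLE_JAVA = """\
package demo;

public class Example {
    String password = "hunter2"; // NOSONAR
    int x = 0;
    @SuppressWarnings("all")
    void todo() {}
    void ok() { int y = 1; }
}
"""

SAMPLE_DIFF = """\
diff --git a/src/Example.java b/src/Example.java
--- a/src/Example.java
+++ b/src/Example.java
@@ -3,4 +3,5 @@ public class Example {
     int x = 0;
-    String password = "hunter2";
+    String password = "hunter2"; // NOSONAR
+    String token = "abc"; //NOSONAR
     void ok() { int y = 1; }
 }
"""

if __name__ == "__main__":
    # Usage: python check_suppressions.py <source-root>; without an argument
    # the constructed samples are scanned instead.
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else (
        find_suppressions(SAMPLE_JAVA, "Example.java") + find_in_diff(SAMPLE_DIFF))
    for f, no, kind, line in results:
        print(f"{f}:{no}: {kind}: {line}")
    sys.exit(0 if within_budget(results) else 1)
```

Run against a checkout (or pipe `git diff origin/main...HEAD` into `find_in_diff`) as a required pipeline step, and the marker becomes a visible, reviewable event rather than a silent bypass; the budget can be raised only by whoever owns the pipeline configuration, not by the author of the line.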