How does Review Priority differ from Rule Priority in Security Hotspots?

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

  • how is SonarQube deployed: zip, Docker, Helm
  • what are you trying to achieve
  • what have you tried so far to achieve this

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

Hi,

Welcome to the community!

You haven’t provided much here. Can you expand on what you’re asking?

Thx,
Ann

Sorry for the late reply,


I wanted to know what the difference is between a Review Priority and a Rule Priority, and which we should check when resolving a hotspot.

As of now, I am working on Rule Priority. I am not checking the Review Priority. It would be helpful if you could let me know. I am working on eliminating these violations in the overall code debt :sweat_smile: and I want to know which I can work on first. During the last one and a half years, I have just checked the Rule Priority, even for hotspots, and worked on those.

Hi,

That’s a great question.

Security Hotspots and Issues are both raised by Rules, and Rules have Severities.

When Issues are raised, they inherit the Severity the raising Rule had in the Quality Profile.

However, when Security Hotspots are raised, they don’t have Severity. They have Review Priority. Per the docs:

Review priority is determined by the security category of each security rule. Rules in categories that are ranked high on the OWASP Top 10 and CWE Top 25 standards are considered to have a high review priority.

So you can consider the ability to set Severity on a Security Hotspot rule vestigial: it’s still there, but Security Hotspots have evolved beyond its use.

HTH,
Ann
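As an added example (not code from this thread or from SonarSource), here is a small Python triage helper that applies the distinction Ann describes: open Security Hotspots are ordered by their own review priority (the `vulnerabilityProbability` field, which SonarQube derives from the rule's security category), while open Issues are ordered by the Severity they inherited from the Quality Profile. It assumes JSON shaped like the `hotspots` array of the Web API's `api/hotspots/search` response and the `issues` array of `api/issues/search` (field names are assumed from the Web API; the sample records, component paths and rule keys below are constructed).

```python
import json

# Constructed sample data, shaped like the "hotspots" array returned by
# api/hotspots/search (field names assumed; rule keys are made up).
SAMPLE_HOTSPOTS = json.loads("""
[
  {"key": "h1", "component": "proj:src/Crypto.java", "line": 42,
   "ruleKey": "example:S0001", "securityCategory": "weak-cryptography",
   "vulnerabilityProbability": "MEDIUM", "status": "TO_REVIEW"},
  {"key": "h2", "component": "proj:src/Login.java", "line": 10,
   "ruleKey": "example:S0002", "securityCategory": "sql-injection",
   "vulnerabilityProbability": "HIGH", "status": "TO_REVIEW"},
  {"key": "h3", "component": "proj:src/Util.java", "line": 7,
   "ruleKey": "example:S0003", "securityCategory": "others",
   "vulnerabilityProbability": "LOW", "status": "TO_REVIEW"},
  {"key": "h4", "component": "proj:src/Auth.java", "line": 88,
   "ruleKey": "example:S0004", "securityCategory": "auth",
   "vulnerabilityProbability": "HIGH", "status": "REVIEWED",
   "resolution": "SAFE"}
]
""")

# Constructed sample data, shaped like the "issues" array returned by
# api/issues/search (field names assumed; rule keys are made up).
SAMPLE_ISSUES = json.loads("""
[
  {"key": "i1", "component": "proj:src/Parser.java", "line": 120,
   "rule": "example:S0010", "severity": "MAJOR", "status": "OPEN"},
  {"key": "i2", "component": "proj:src/Upload.java", "line": 15,
   "rule": "example:S0011", "severity": "BLOCKER", "status": "CONFIRMED"},
  {"key": "i3", "component": "proj:src/Legacy.java", "line": 3,
   "rule": "example:S0012", "severity": "MINOR", "status": "RESOLVED"}
]
""")

# Lower rank sorts first. Unknown values sort last rather than crashing.
REVIEW_PRIORITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
SEVERITY_RANK = {"BLOCKER": 0, "CRITICAL": 1, "MAJOR": 2, "MINOR": 3, "INFO": 4}


def hotspots_to_review(hotspots):
    """Open hotspots, highest review priority first.

    The ordering key is the hotspot's own vulnerabilityProbability (its
    review priority); the raising rule's severity is deliberately not used.
    """
    open_ones = [h for h in hotspots if h.get("status") == "TO_REVIEW"]
    return sorted(
        open_ones,
        key=lambda h: (
            REVIEW_PRIORITY_RANK.get(h.get("vulnerabilityProbability"), 99),
            h.get("component", ""),
            h.get("line", 0),
        ),
    )


def issues_to_fix(issues):
    """Open issues, highest severity first (severity inherited from the profile)."""
    open_ones = [i for i in issues if i.get("status") in ("OPEN", "CONFIRMED", "REOPENED")]
    return sorted(
        open_ones,
        key=lambda i: (
            SEVERITY_RANK.get(i.get("severity"), 99),
            i.get("component", ""),
            i.get("line", 0),
        ),
    )


def review_priority_summary(hotspots):
    """Count open hotspots per review priority, e.g. for a sprint plan."""
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0}
    for h in hotspots_to_review(hotspots):
        counts[h["vulnerabilityProbability"]] = counts.get(h["vulnerabilityProbability"], 0) + 1
    return counts


def worklist(hotspots, issues):
    """Human-readable queue that names the ranking field used for each item.

    Hotspots are listed before issues only for display; how a team
    interleaves the two lists is its own policy, not something SonarQube fixes.
    """
    lines = []
    for h in hotspots_to_review(hotspots):
        lines.append(f"hotspot {h['key']} [review priority {h['vulnerabilityProbability']}] "
                     f"{h['component']}:{h['line']} ({h['securityCategory']})")
    for i in issues_to_fix(issues):
        lines.append(f"issue {i['key']} [severity {i['severity']}] "
                     f"{i['component']}:{i['line']}")
    return lines


if __name__ == "__main__":
    print(review_priority_summary(SAMPLE_HOTSPOTS))
    for entry in worklist(SAMPLE_HOTSPOTS, SAMPLE_ISSUES):
        print(entry)
```

To run this against a real instance, replace the two constructed arrays with the `hotspots` and `issues` arrays fetched from the Web API for your project key; the sort keys stay the same. The point of the example is the asymmetry: the hotspot sort never reads a severity, because a hotspot's priority lives in its security category, while the issue sort never reads a category, because an issue's priority is the rule severity from the Quality Profile.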

