How to add a custom tag to an issue raised by OWASP Dependency-Check in SonarQube?

Chamathka · July 20, 2020, 11:01am

I’m using the SonarQube Community Edition Version 7.9.3. with this plugin ‘dependency-check-sonar-plugin’ which can be found here: https://github.com/dependency-check/dependency-check-sonar-plugin . I used this plugin to check what are the built-in tags inside of it.

What I’m trying to do here is adding a custom tag to some issues raised by OWASP Dependency-Checker. Eg: Issues found by Dependency-checker will have a unique tag such as “owasp-dependency-check-issue”. My purpose is to identify these dependency-check issues when its all mixed up in many issues which can be found in the SonarQube UI.

ganncamp · July 20, 2020, 4:41pm

Hi,

You can do this issue-by-issue using the dropdown next to the existing tags, if any:

Selection_999(172)

If you don’t find the tag you’re looking for, you can create it here.

To do bulk, select the issues of interest, and use the bulk change button:

Selection_999(173)

HTH,
Ann

Chamathka · July 21, 2020, 4:19am

Thank you for your explanation. I tried this way but seems like the tags are getting removed when I try to do this. I wonder why?

ganncamp · July 21, 2020, 4:33pm

Hi,

At what point are they getting removed? Immediately or after the next analysis? Or at some other point?

Ann

Chamathka · July 22, 2020, 2:53am

Hi, when I fill the “Add tags” and “Transition” fields and submit it, and I could see that they are immediately removed.

Thank you.

ganncamp · July 22, 2020, 5:42pm

Hi,

Could you check your browser developer tools and see if any errors are returned from the server when you submit your label change?

Ann