-
which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube Developer EditionVersion 8.2 (build 32929) -
what are you trying to achieve
I’d like to configure SonarQube to ignore some files when identifying Security Hotspots. -
what have you tried so far to achieve this
I set the analysis scope like this:
I also tried configuring the following in sonar-project.properties, based on this and this.
sonar.issue.ignore.multicriteria=e1,e2
# Ignore "Hard-coded credentials are security-sensitive"
sonar.issue.ignore.multicriteria.e1.ruleKey=squid:S2068
sonar.issue.ignore.multicriteria.e1.resourceKey=acceptance/**/*
# Ignore "Using regular expressions is security-sensitive"
sonar.issue.ignore.multicriteria.e2.ruleKey=squid:S4784
sonar.issue.ignore.multicriteria.e2.resourceKey=acceptance/**/*,assets/**/*
But the scan keeps finding these security hotspots in these files.