How to create Manual vulnerabilities

We upgraded to SonarQube 8.9.9 and we want to test the feature below. Can you please help?

How to create Manual vulnerabilities?

Manual vulnerabilities created from security hotspots are migrated to security hotspots with the status “To Review”. A comment “Migrated from Manual Vulnerability” is added to the review history to recognize them.

Hey there.

This functionality was removed in SonarQube v8.2. Take a look at this section of the upgrade notes:

Release 8.2 upgrade notes

Security hotspots: dedicated space and workflow

  • The Security hotspots have a brand new space where developers can perform security reviews. The review process has been simplified. It’s no longer necessary to transform a security hotspot into a manual vulnerability and back. A developer can now simply mark a security hotspot as Safe, Fixed, or leave it as-is if more time is needed.
  • Manual vulnerabilities created from security hotspots are migrated to security hotspots with the status “To Review”. A comment “Migrated from Manual Vulnerability” is added to the review history to recognize them.
  • The formula to compute the security review rating, which was previously only available at the portfolio level, has been updated to be more meaningful. Historical values for this indicator have been removed to avoid confusion.
  • A Security Hotspots Reviewed metric has been added and is available to quality gates along with the security review rating.

Hi Colin, thanks for the response.

So here the manually created vulnerability would be migrated?

Yes, that’s correct!