How to deactivate some Security Hotspots?

Hello Alexandre,

Is there a way to filter specific Security Hotspot rules en masse in the sonar.properties file? I ask because we have almost 2 thousand security hotspots to review and about half of them are not relevant to the environment in which our code runs and we would prefer to disable the couple of rules that make up the half that do not apply and focus on those that do. Also, the prioritization of high, medium and low for these reviews does not correlate well with the priority of the findings for our source code, again because of our unusual environment in which the code runs, so we cannot focus on just the high or medium.

Thank you for your help.

Hello,

You can’t deactivate rules in the sonar.properties file. You have to create a custom Quality Profile, deactivate the Security Hotspots that don’t work well with your environment and then associate the new Quality Profile to your project.

Documentation: Quality Profiles | SonarQube Docs

Alex
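
The three steps in the answer above (copy a profile, deactivate the rules that do not apply, associate the copy with the project) can also be scripted, which helps when the same rules must be switched off for several languages or projects. This is an added example, not part of the original thread: the endpoint and parameter names are assumed from the SonarQube Web API of recent versions and should be checked against the Web API documentation of your own server, and the profile key, rule keys and project key are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request


def post(base_url, token, path, params):
    """POST form parameters to the Web API; a user token goes in as the Basic-auth username."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/{path}",
        data=urllib.parse.urlencode(params).encode(),
        headers={"Authorization": "Basic " + base64.b64encode(f"{token}:".encode()).decode()},
    )
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
    return json.loads(body) if body else {}  # some endpoints reply with an empty body


def apply_custom_profile(send, source_key, new_name, language, rule_keys, project_key):
    """Copy a profile, deactivate rule_keys in the copy, then bind the copy to the project.

    `send(path, params)` performs one POST and returns the decoded JSON reply.
    Returns the key of the new profile.
    """
    rules = sorted(set(rule_keys))
    bad = [r for r in rules if ":" not in r]
    if bad:  # rule keys look like "<repository>:<rule id>"; refuse before changing anything
        raise ValueError(f"not a rule key: {bad}")
    copied = send("api/qualityprofiles/copy", {"fromKey": source_key, "toName": new_name})
    for rule in rules:
        send("api/qualityprofiles/deactivate_rule", {"key": copied["key"], "rule": rule})
    send("api/qualityprofiles/add_project",
         {"language": language, "qualityProfile": new_name, "project": project_key})
    return copied["key"]


if __name__ == "__main__":
    import functools
    import os
    send = functools.partial(post, os.environ["SONAR_URL"], os.environ["SONAR_TOKEN"])
    # Constructed placeholders: substitute your own profile key, rule keys and project key.
    apply_custom_profile(send, "SOURCE_PROFILE_KEY", "Sonar way (our environment)", "java",
                         ["java:S9991", "java:S9992"], "my-project-key")
```

The token needs permission to administer Quality Profiles. The default profile is copied rather than edited, as in the answer, so the original remains available for projects that run in an ordinary environment.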

Hello Alexandre,
Great. I created copies of a couple of default Quality Profiles, deactivated a few rules within these custom Quality Profiles and reran the analysis. This process works well for our special environment and needs. Thank you.
