How to exclude RSPEC-1313

I would like to disable SonarQube 8.4 from reporting this as an error (RSPEC-1313):

In my project I got almost 500 false positives. How can I disable it in SonarQube server, not in each file?

Inside SonarQube I clicked Project Settings -> General Settings -> Analysis Scope

and now I don’t know what I need to enter for “Rule Key Pattern” of “Ignore Issues on Multiple Criteria”?

After I enter it, do I need to re-run the analysis? I wish SonarQube would simply filter out those errors with that code.

Hello @milantomic,

What you are looking for here is to create a Quality Profile which does not include this specific rule. I'll let you follow the documentation to see how to proceed.

Please also note that these are not false positives per se. By definition, Security Hotspots are not proven vulnerabilities, but sensitive parts that need to be reviewed. Read more about it in our documentation about Security Hotspots.
So a better approach would be to review them, make sure the usage of a hardcoded IP is fine in this context, and mark the Hotspot as reviewed.

Does it make sense to you?

Cheers

Thank you very much :smile: It was very helpful.


Hello @milantomic and welcome to the community

Sorry to hear that RSPEC-1313 doesn’t provide interesting results in your case.

In order to try to improve this rule for all users, can you tell us why you consider the issues you got to be false positives? Is it not IP addresses that are highlighted? Are the IP addresses not “sensitive”?

Your feedback is very welcome.

Eric


In my code I have lots of identifiers in the format “1.0.76.2” which are not IP addresses.
