Hello
Sonarqube 7.9.1
Is there a way to configure notification (email) when the status of a “Security Hotspot” is changed?
I looked through the doc and tool, but was unable to find a way to do this.
Thanks
Jason
3 Likes
Hi Jason,
Sorry, but there aren’t any notifications for this.
Ann
Hello,
Can you describe why you need such notification?
Who would be the persona targeted for this use case?
Thanks
I have such a use case.
I am a security engineer and I need to oversee issues and make sure the development team addresses all types of issues appropriately.
I need to ensure security-aware developers don’t dismiss (“Resolve as Reviewed”) naively Security Hotspots. For this I could use a notification that a Security Hotspot has been resolved as reviewed or it was opened as a vulnerability.
I could whip up a script to query the SonarQube instance periodically and get through its web API the list of Security Hotspots and compare it to a local list of (previously) stored SH (Security Hotspots) and determine if any changes have been made and issue notification emails but I rather don’t.
If there is a feature in Sonar that I can use for this it would be of help for me. If not, a future development would be great!
Thanks,
Andrei Rînea.