How to manage Vulnerabilities

valjean · December 21, 2022, 9:00am

Hi,

I am using SonarQube to report the vulnerabilities of the code/libraries.
Than take some action to fix/solve few of them.

The next month, I redo a report and each time have to match my previous action to the new report manually.

Is there a way to use a tools or other idea to have a better follow up on my action?

Kind regards,
VJ

Colin · December 27, 2022, 2:44pm

Hey there.

When you fix a vulnerability in SonarQube, the issue will move to status of Resolved (Fixed), that you can filter on in your SonarQube instance.

These closed issues are eventually cleaned up by housekeeping, but you can adjust how often the issues are purged.

Topic		Replies	Views
How to report a SonarQube security vulnerability? SonarQube Server / Community Build	2	1043	May 4, 2021
Put back previously accepted issues on SonarQube SonarQube Server / Community Build sonarqube	1	569	May 3, 2022
SonarQube bugs reopened every time after fixing same bugs SonarQube Server / Community Build	4	322	October 2, 2023
How can i report security bug and a CVE(Common Vulnerabilities and Exposures) for sonarqube application, whats the procedure SonarQube Server / Community Build	1	1267	December 10, 2020
Sonar Cloud Vulnerability and bug fix report for Audit SonarQube Cloud sonarqube-cloud	1	122	May 20, 2024