In my K8S YAMLs I have the resources set as:
resources:
  limits:
    memory: #{To_Be_Replaced_by_pipeline}#
    cpu: #{Also_to_be_replaced}#
But Sonar doesn’t figure this out and appoints this as a security problem!
How can we teach sonar, at a central location, that memory: #{To_Be_Replaced_by_pipeline}#
is OK?!? I don’t have to go project by project declaring this as a false positive!
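Added example (not from the original post and not SonarSource code): a scanner that reads the unrendered manifest sees a placeholder where it expects a quantity, so it cannot tell "limit templated by the pipeline" from "limit missing". The snippet below renders the #{Name}# placeholders the way a pipeline would and then checks that memory and cpu limits are present and are syntactically valid Kubernetes quantities, so the check runs on the rendered manifest instead of being suppressed; the placeholder names follow the post, the substituted values are constructed.

```python
import re

# Constructed manifest fragment in the shape shown in the post,
# with pipeline placeholders of the form #{Name}#.
TEMPLATE = """\
resources:
  limits:
    memory: #{To_Be_Replaced_by_pipeline}#
    cpu: #{Also_to_be_replaced}#
"""

PLACEHOLDER = re.compile(r"#\{([A-Za-z0-9_]+)\}#")
# Kubernetes quantity syntax (common subset): number with optional binary/SI suffix.
MEMORY_QTY = re.compile(r"^[0-9]+(\.[0-9]+)?(Ki|Mi|Gi|Ti|Pi|Ei|k|M|G|T|P|E)?$")
CPU_QTY = re.compile(r"^([0-9]+(\.[0-9]+)?|[0-9]+m)$")


def render(template: str, values: dict) -> str:
    """Substitute every #{Name}# with values[Name]; unknown names are left in place."""
    return PLACEHOLDER.sub(lambda m: values.get(m.group(1), m.group(0)), template)


def check_limits(rendered: str) -> list:
    """Return findings for a rendered resources fragment; an empty list means OK."""
    findings = []
    leftover = PLACEHOLDER.findall(rendered)
    if leftover:
        # A placeholder that survived rendering means the pipeline never set the value.
        findings.append(f"unreplaced placeholders: {leftover}")
    limits = {}
    for key in ("memory", "cpu"):
        m = re.search(rf"^[ \t]*{key}:[ \t]*(\S+)[ \t]*$", rendered, re.MULTILINE)
        if m:
            limits[key] = m.group(1)
        else:
            findings.append(f"limits.{key} missing")
    if "memory" in limits and not MEMORY_QTY.match(limits["memory"]):
        findings.append(f"limits.memory not a valid quantity: {limits['memory']}")
    if "cpu" in limits and not CPU_QTY.match(limits["cpu"]):
        findings.append(f"limits.cpu not a valid quantity: {limits['cpu']}")
    return findings


if __name__ == "__main__":
    print(check_limits(TEMPLATE))  # unrendered: placeholders reported
    values = {"To_Be_Replaced_by_pipeline": "512Mi", "Also_to_be_replaced": "500m"}
    print(check_limits(render(TEMPLATE, values)))  # rendered: []
```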
Colin, January 20, 2025, 9:13am
I’ve moved your post to the section on reporting false-positives.
Hey SonarSource Community!
False-positives happen, as do false-negatives, and we’re eager to fix them. We are thrilled when our users report problems, so we can make our products better.
What is a false-positive (FP)?
A false-positive is when an issue is raised unexpectedly on code that should not trigger an issue, or where the suggested action doesn’t make any sense for the code.
What is a false-negative (FN)?
A false-negative is when an issue should be raised on a piece of code, but isn’t.
…
What version of SonarQube are you using?