SonarQube LTS 7.9.3
Users are confused by the state transition for the type “Security Hotspots”.
From the Docs,
The action is described as:
Resolve as Reviewed - There is no vulnerability in the code.
The target status is described as:
Reviewed – the Security Hotspot has been checked and no security issue was found.
Yet, the state is the UI displays:
If there was “no security issue”, then there was nothing to be “fixed”. It would seem the more appropriate wording should be “Reviewed (Closed)” or “Reviewed (not an issue)”. The latter is probably preferred as what was not an issue today might become one in the future.
May be related to MMF-1251: Issue states should be coherent and understandable