Issue / Hotspot created date is showing as commit date

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Version - Community 9.9

In an application / project we have a few files which were moved from one directory to another. These JSPs were already scanned using SonarQube earlier (at the older location) and the security hotspots / issues were already reviewed and closed.

Now at the new location, the same security issues / hotspots are appearing again, and that too with the date of the last commit, which is 7 years old. It is causing problems for us as it doesn’t show any history for this issue, and as the date is old, it seems like the issue has never been reviewed in 7 years.

Is there a way to see the exact date when the issue was created instead of the commit date? If not, what would you suggest in this case that we should do to avoid showing it like it was never reviewed?

Hi @Smiley_Face

Welcome to the community!

Could you clarify whether the issue you spotted happened for a PR or a branch analysis?

The file move should be detected on the branch analysis and the hotspots shouldn’t be raised in that case. If they are raised, it’s a bug; however, on PRs, the moved files aren’t detected. You can find more details in this thread.

The hotspot is reported from a branch which was scanned. The hotspot that got created is showing the reported date as 5-7 years old, same as the commit date of that vulnerable code.

@Smiley_Face thanks for the clarification.

It looks like a bug when detecting a file move then.
Could you provide us with a reproducer, e.g. a small project with just two commits showing the problem?