We have encountered an issue where our SonarQube instance has stopped inheriting reviewed security hotspots from the master branch. Here are the details:
SonarQube Version: Community Edition v10.6 (92116)
Issue Observed: Five days ago, all security issues were correctly inherited from the master branch. However, without any configuration changes on our end, this inheritance has stopped.
Impact: The Quality Gate is now failing, requiring us to review the security hotspots again.
Troubleshooting Steps Taken: We have tried removing the branch from SonarQube and creating a new one, but this did not resolve the issue.
Expected Behavior: Reviewed security hotspots should be inherited from the master branch, maintaining the Quality Gate status.
Actual Behavior: Reviewed security hotspots are not being inherited from the master branch, causing the Quality Gate to fail and requiring a re-review of the security hotspots.
Is this a known issue? Are there any additional steps we can take to resolve this?
All the security hotspots are reviewed - 100%. In the message below there is the information ‘The issue has been copied from branch ‘master’ to branch ‘release/2.16.0’’. That is the expected behavior.
As of today, it is working again. It seems like a random issue, and I would like to make sure it does not happen again. We did not make configuration changes, and Sonar works differently each time. Can we do something on our side? Now, in the Sonar community and docs, I see it should not be inherited at all.
I really don’t know what to tell you. As you and I have both pointed out, Security Hotspots aren’t expected to be synchronized, so it looks like you sometimes get a bonus behavior.
Regarding your initial problem where the synchronization did not happen, it might be caused by multiple factors. One common case where issue sync between branches is not working is when files have been renamed.
Another case could be multiple levels of branch “forking”. Like master → branchA → branchB.
If you can reproduce it again, feel free to re-open a thread, and we can try to investigate.