SQ community 8.6
Trying to change instances of rule java:S2068 from vulnerabilities to hotspots, as suggested here (Why is rule S2077 reported two different ways? - #5 by ganncamp), to make them consistent with current default settings. Used api/issues/bulk_change to do this to a group of 25 vulnerabilities concerning hard-coded passwords (S2068). Just setting set_type = ‘SECURITY_HOTSPOT’ didn’t work, because it complained do_transition was not set. So added do_transition = reopen – actually, the issues were already open but this seemed to work.
Well, sort of. They no longer appear in the issues tab when I filter on vulnerabilities. And when I explicitly search for them with issues/search using the rules parameter to search specifically for java:S2068, I get no issues. So far, so good…
But the Security Hotspots tab still says there are no security hotspots. The hotspots/search function also returns 0 hotspots for the project key. Yet if I call hotspots/show with one of the key IDs from the original set of issues, they do show up, with status OPEN. So, they’re there … but not there…
Oh, and trying with set_type = resetastorev didn’t work either. The issues/hotspots still were only accessible through hotspots/show and their status was still shown as OPEN.