Keeping Status Consistent for Recurring Hotspots and Issues

Eman_Harri · April 13, 2026, 10:32pm

Hello Sonar Community,

We have a question regarding the handling of repeated Security Hotspots and Security Issues in SonarQube.

We have noticed that the same rules keep appearing again in the code when similar changes are introduced, even though they were previously reviewed and marked as Safe or Acknowledged.

We are aware that rules can be disabled via a custom Quality Profile, but this is not our goal. We want to keep the rules active while avoiding the need to repeatedly mark similar findings with the same status.

Is there any way to persist the status or decision (e.g., Safe or Acknowledged) for similar findings when they appear again within the project?

Additionally, could this use case be handled using sonar.issue.ignore.multicriteria, or is that approach not suitable for Security Hotspots and similar repeated findings?

Our goal is to avoid repeated manual reviews for the same type of finding, especially when the team has already decided how to handle it or plans to address it later, so it does not continuously block PR merges.

Is this behavior supported, or is there any recommended workaround?

Regards,

Eman

ganncamp · April 14, 2026, 12:50pm

Hi Eman,

SonarQube doesn’t “learn” from issues you’ve marked safe.

This exclusion type allows you to pair rule keys and file path patterns, so you could keep the rule in your profile, but prevent it from being applied on certain file paths. Perhaps that would help?

Ann

Eman_Harri · April 14, 2026, 3:14pm

Hello Ann,

Thank you for your response.

Yes, this could be a good workaround. I just wanted to confirm whether this configuration (sonar.issue.ignore.multicriteria) applies to both Security Hotspots and Security Issues, or only to issues?

Thanks.

ganncamp · April 14, 2026, 4:16pm

Hi,

Not to be pedantic, but it actually applies to rules, from which come both Issues and Security Hotspots. So yes, this should work. And it makes sense why you were uncertain.

Ann

Eman_Harri · April 14, 2026, 4:22pm

Hi,

Yeah lol, I probably should’ve concluded that without asking as I’m testing this configuration.
Thanks for the clarification, Ann really helpful.

Regards,

Eman

Topic		Replies	Views
Security Hotspot needs to be reviewed repeatedly SonarQube Server / Community Build	3	605	December 15, 2020
SonarQube Security Hotspot resolution status is not retaining correctly SonarQube Server / Community Build sonarqube	4	905	October 10, 2023
Security Hotspots Unreviewed after being marked as Safe in the past SonarQube Cloud	3	425	May 27, 2024
Security Hotspots Reappearing After Review SonarQube Cloud security-hotspot , sonarqube-cloud	5	640	August 21, 2023
SonarQube Security Hotspots show warnings in the build even after reviewed as Safe SonarQube Server / Community Build sonarqube , scanner	8	620	November 21, 2024

Keeping Status Consistent for Recurring Hotspots and Issues

Related topics