I’m totally new to Sonarqube and so I lack on knowledge. Maybe some of you can help me with this issue.
A consumer of our Toolchain would like to use SQ and asked on how to mark code as “Won’t fix” or “False positive” permanently and upgrade safe. He provided me a list with four values, “Confirm”, “Resolve as fixed”, “Resolve as false positive” and “Resolve as won’t fix”. How are those marks saved? And how to make them permanent?
My first proposal would be to create a new Quality profile and allow him to create his own custom rules for appending them to this profile, but since noone ever has done this, we all ask ourself, if that’s the right way. I’m just a system admin giving proper access and keep the machine running, but unfortunately noone has much experience about deeper usage aside the standards.
We’re still at version 7.9.1.27448. Would be great if someone could help us with this.
At a guess, your client is familiar with SonarQube. Those issue statuses are built-in to the SonarQube issues interface. You need the Administer Issues permission to mark something Won’t Fix or False Positive. Once you do mark an issue one of those, it should stay that way as long as the issue context doesn’t change enough that it gets marked “new” again.
Confirm is also available, and sticky. It doesn’t require any permissions beyond ‘Browse’ on the project.
BTW, I don’t recommend wasting time marking anything “Resolve as fixed”. That status is available but it’s a holdover from the days when analysis-per-commit wasn’t common. If the issue isn’t actually fixed, that status gets rolled back at the next analysis. If it is fixed, the issue will be Closed (and cleaned out of the DB 30 days later). Either way, in a world where you analyze multiple times a day, “Resolve as Fixed” is really pointless.
sorry for the late reply, I lost a little bit track (too much happens at the same time). Thanks for your helpful reply, I’ll talk to my customer with your hints.