alexmbf
(Alex)
May 2, 2024, 12:42pm
1
I’m using SonarQube, Enterprise Edition, Version 8.9.9 (build 56886).
We found out there is a specific vulnerability in the code that is a false-positive.
The question is that SonarQube has pointed more than a thousand of this specific occurrence as a vulnerability.
Is there a way to mark all these thousand occurrences as false positives at once?
It will be a real trouble to mark them individually.
The language is PHP and it is an XSS vulnerability.
ganncamp
(G Ann Campbell)
May 3, 2024, 3:20pm
2
Hi,
Welcome to the community!
Your version is past EOL. You should upgrade to either the latest version or the current LTA (long-term active version) at your earliest convenience. Your upgrade path is:
xxx → 8.9.10 → 9.9.4 → 10.4 (last step optional)
You may find these resources helpful:
If you have questions about upgrading, feel free to open a new thread for that here.
Regarding your question, upgrading may significantly impact the false-positive rate. If not, come back to us.
Ann