More Granular Quality Security on Resolve Issues, Type, and Severity Changes

Sonarqube (@Cameron), we realize that you modified a feature in 7.9 which requires a special permission to Administer Issues. Could you also add another to Administer Type and Administer Severity? This may seem small or insignificant, but our CyberSecurity folks will not allow us to shift left the cleaning of code to the developers if they can change the severity or type. Yes, a developer can sign off a fix without proof… SO WHAT! Teams often have management controls for folks with lack of integrity. Teams may also have code reviews to PROVE a fix is in place. Let’s not sidestep this need, we must have this feature–right now, the only choice is to have a security admin check the box for something they know NOTHING about. This is worse… and many companies do not have the staffing to put a security admin right next to a developer for each and every project… many, like ours, have hundreds of projects… The developer(s) responsible must be enabled to resolve, but the system should have the flexibility to prevent and NOT changes to the Severity or Type. If a developer needs this changed, then–and only then–would a quality or security person get involved.

Please add this as an urgent feature or arrange for a call with our sales representative.