Non-Compliant Code example is passing the scan when it should fail


  • SonarQube: 10.2
  • Scanner:
  • Gitlab: 16.5.1
  • Python3: 8+


  • Docker containers

Trying to achieve

  • Attempting to use the non-compliant code example from the docs to test rules in our pipeline. We have committed the code example to test success and fails. We are expecting the example to fail since it includes “senstive information”.

What we have tried

Hello @rcramer,

Thank you for reporting this false negative. After having a look, it seems that the rule behaves a bit too conservatively in some cases, which also affects the non-compliant code example.

I created SONARPY-1579 to fix this.



Thanks for taking the time to look at this. Could you inform me what steps we will need to take on our end once the fix has been approved, if any?


When it’s fixed, you’ll need to upgrade to the next version of SonarQube that’s released. The ticket is currently in progress, so that means adopting SonarQube 10.4 when it comes out.


1 Like


That was what I needed to know, thank you! I’ll be keeping an eye out for the release


I was just curious if anyone knows the expected release date for SonarQube 10.4? I seen the ticket has been closed and just wanted an idea of when we can expect to see it and keep an eye out for it.

Thanks in advance!


It’s imminent.