Non-Compliant Code example is passing the scan when it should fail

Versions

  • SonarQube: 10.2
  • Scanner: 5.0.1.3006
  • Gitlab: 16.5.1
  • Python3: 8+

Deployment

  • Docker containers

Trying to achieve

  • Attempting to use the non-compliant code example from the docs to test rules in our pipeline. We have committed the code example to test successes and failures. We are expecting the example to fail since it includes “sensitive information”.

What we have tried

Hello @rcramer,

Thank you for reporting this false negative. After having a look, it seems that the rule behaves a bit too conservatively in some cases, which also affects the non-compliant code example.

I created SONARPY-1579 to fix this.

Cheers,
Guillaume

Guillaume,

Thanks for taking the time to look at this. Could you inform me what steps we will need to take on our end once the fix has been approved, if any?

Hi,

When it’s fixed, you’ll need to upgrade to the next version of SonarQube that’s released. The ticket is currently in progress, so that means adopting SonarQube 10.4 when it comes out.

HTH,
Ann


Hey!

That was what I needed to know, thank you! I’ll be keeping an eye out for the release.

Hi,

I was just curious if anyone knows the expected release date for SonarQube 10.4? I saw the ticket has been closed and just wanted an idea of when we can expect to see it and keep an eye out for it.

Thanks in advance!

Hi,

It’s imminent.

:smiley:
Ann