#NOSONAR tag not getting honoured in Python language for Fortify rules

  • versions used (SonarQube : 5.6.7, Scanner : 3.0.3, sonar-python-plugin-1.8.0.1496.jar / sonar-fortify-plugin-2.0.jar )

  • error observed :
    For the Python language, my print violations are getting suppressed by the #NOSONAR tag; however, the Fortify violations aren't. They are visible on the UI. Not sure if this is the expected behavior.
    I tried to suppress the Fortify Java violations and there things work as expected.

  • steps to reproduce

  1. Appended #NOSONAR to a few of the print violations and security violations present in Python files
  2. Created an fpr file using sourceanalyzer on our sample git repo.
  3. Ran sonar-scanner on the sample repo and also provided -Dsonar.fortify.reportPath=fortify_results.fpr

Actual Result :
Print violations are suppressed but Fortify violations are still shown on the UI.
Expected Result :
Both print and Fortify violations should be suppressed on the UI.

Some time back the following Jira issue was addressed to add NOSONAR support.
https://jira.sonarsource.com/browse/SONARPY-129

  • potential workaround
    N/A

If the issues you see are imported from Fortify, then they’re not related to the Python plugin.
I think that you’re using a Fortify plugin which is not maintained anymore.
It seems that there are other plugins to import Fortify issues, maybe you can try them.

Thanks Pierre for helping me on this. In my case I was able to import Fortify issues in the SQ server for all the languages. Here my main concern was w.r.t. the anomaly I observed.
For example: if I append NOSONAR to normal Java violations and Fortify Java violations, the Java plugin (sonar-java-plugin-4.11.0.10660.jar) suppresses both violations on the UI.
However, the same behavior wasn't seen in the case of the Python plugin.
Not sure if this is expected. Please guide.

Sorry, I can’t “guide” you. I know nothing about Fortify plugins except that there used to be a Fortify plugin which is not maintained anymore.

No worries Pierre. Thank you… 🙂