We are running sonarqube on some very old code that hasn’t had code analysis before. I am finding that when I touch a java file many old bugs that existed in the code become “new” again, so the quality gate fails for new bugs or vulnerabilities. I can change the status of the issue to not be “open”, but I don’t have a way to test for status in the quality gate. Any suggestions for a work around or new feature. This is for sonarqube 8.1 developer edition.
At the moment I am trying to address most of the issues before we turn the quality gates back on so that the likelihood of a false “new” issue is minimized.