Problem: "Using hardcoded IP addresses" False Negative


I’m running a scan of my projects using SonarQube, but noticed that one of the rules was not found, and I would like to confirm what could be the reason for the miss (false negative).
The rule is “Using hardcoded IP addresses is security-sensitive”.

I have scanned several Python and Java projects with SonarQube and confirmed from the Quality Profile that the rules are correct and also activated.

But my code does have a lot of hardcoded 192.168.x.x or 10.x.x.x IPs.

Why can’t I find any of them in the scan result?


I’m using SonarQube in a Docker container.
I want to find all “Hardcoded IP” findings.

Hey there.

This is a Security Hotspot, and it’s not possible to filter on these in the global Issues page (they are only visible at the project-level when browsing the Security Hotspots tab).

I admit it’s confusing that even in SonarQube 9.9 LTS, it’s possible to filter on security hotspot rules in the global issues tab. I’ll pass this along.

We created a ticket to not display hotspot rules in the issues page.

Thank you! I saw it in Security Hotspots.
