Every day on SonarCloud you have to deal with new issues in your code. Usually you fix them but from time to time you don’t think SonarCloud is correct, so you close the issue as False-Positive or Won’t Fix. We realized some of you thought the SonarCloud Team saw your comments explaining WHY you made that choice, but it wasn’t the case - until today.
We are happy to announce that you now have the opportunity to share your feedback about False-Positive or Won’t Fix issues with the SonarCloud Team.
When you explicitly agree to provide feedback, the following information will be available to the SonarCloud Team for a period of 1 month:
Current file: code, language, project key.
Issue details: creation and update date, line, location, resolution, severity, status.
Rule details: rule repository and key.
Feedback: comment, date.
To start with, we decided to activate this option only for Vulnerability issues and evaluate in the future whether to extend to other issue types. By helping us understand why you believe a vulnerability is a false-positive or an issue you don’t want to fix, we’re expecting to find ways to make our analysis more accurate, and eventually raise only true vulnerabilities.
Keep in mind that your comments will be reviewed by humans, there is no AI behind it, only real people.