However, since last week, the project is passing the quality gate and all these 7 issues are now marked as “Closed (Fixed)” and no longer show up in the report. The concerned part of the codebase is unchanged, but according to the Activity tab, all these issues suddenly became ok since May 5.
Is there any way for me to find out how or why these issues were marked as fixed and how to reopen them? Is there any audit trail available to see what happened here?
Exclusions are not set in the command line parameters either. The only arguments supplied in the command line are:
sonar-scanner -Dsonar.host.url="" -Dsonar.login="" -Dsonar.projectKey="" -Dsonar.sources="" -Dsonar.branch.name=""
The analysis parameters that you referred to, where can I find them?
Ah, ok. I don’t have such a file in the project root, so all those settings are passed as command line params.
When I click on an older issue’s timestamp, I see its history (when it was opened, modified, closed, etc.), but not many details about it. Is there any way to drill down into the history of these events to see exactly what happened?
I guess I should have asked earlier about the rules in question. Vulnerabilities aren’t typically going to close themselves. But what you’re showing here is a Code Smell, and it could have been legitimately closed by, e.g., adding a use of the z2 variable later in the code.
…And to answer your question, what you’re looking at is all the details we have. There’s nowhere to “drill down” to.
For us, both the number of code smells (3.5k to 100) and the number of vulnerabilities (8 to 0) reduced. And all this happened on a particular date last week and there was no code change to fix any of these. These issues still exist in the code.