which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) - SonarQube Community Edition v8.9.1
Hi everyone,
We have few files which were moved from one directory to another. These files were already scanned using SonarQube earlier (at the older location) and the security hotspots were already reviewed and closed.
Now at the new location, the same security hotspots are appearing again and that too with the date of the last commit (in our case it is almost 4 years old). It is causing problems for us as it doesn’t show any history for this issue and as the date is old, it seems like the issue has been never reviewed in 4 years.
Is there a way to see the exact date when the issue was created instead of the commit date? If not, what would you suggest in this case that we should do to avoid showing it like it was never reviewed?
Your version is past EOL. You should upgrade to either the latest version or the current LTA (long-term active version) at your earliest convenience. Your upgrade path is:
We are already working on it and will be upgrading to 9.9 LTS in the next few days.
However, can you please let me know if upgrading will help resolve this issue?
Regarding your Security Hotspots… I would have expected the file-move-detection algorithm to have understood your file move and moved the Security Hotspots along with the files. However, the algorithm isn’t fool-proof. For instance, if you changed both directory and file name at the same time, I think that might trip it up.
That said, I’ve recently learned that our treatment of Issues and Security Hotspots is - on purpose - not identical, and I can easily imagine that this behavior was designed to make you re-review the Security Hotspots to make sure they’re still safe in the new file context.
That said, your best bet here is to simply re-review and re-mark them safe.
I had another question as well in my original post about the issue date? Can you please help with that?
Now at the new location, the same security hotspots are appearing again and that too with the date of the last commit (in our case it is almost 4 years old). It is causing problems for us as it doesn’t show any history for this issue and as the date is old, it seems like the issue has been never reviewed in 4 years.
Is there a way to see the exact date when the issue was created instead of the commit date? If not, what would you suggest in this case that we should do to avoid showing it like it was never reviewed?