Resolving issue as “false positive” or “won’t fix”

We are having issues with being able to resolve issues in both PR scans and main branch scans as either “false positive” or “won’t fix”. For example, in one of our scans for a given pull request, there are some issues that has the dropdown to change the status of the issue as “resolve as fixed”, “resolve as false positive”, or “resolve as won’t fix”. This is to be expected. However, in that same scan, there are also other issues that do not have the dropdown to set the resolved status. Some of the issues that are reported are not valid in our code base and we need to be able to set them to resolved so the scan will pass. Because the Sonar scan is a quality check within out CI process (we use GitHub Enterprise for both our code and our CI process), the PR can not merge without a successful scan.

Why can we not change the resolved status on some issues reported? How can we set the resolved status on these issues that we’ve deemed false positives or won’t fix that do not have the dropdown options?

The language of the code in the repository is C#.

Hey there.

  • This is because some issues are being imported from external engines (like Roslyn), and historically we’ve suggested these issues are be suppressed at the source rather than in SonarQube.
  • We changed this in SonarQube 10.3 to allow these issues to be resolved in SonarQube. We expect this to make its way to SonarCloud by the end of the year.

Thank you @Colin for the explanation. That change in SonarCloud will be a welcomed one!

Hey @theLetterJ

Check these same issues now on SonarCloud – you should have the option to resolve them from within SonarCloud (happy thanksgiving!)

Hey @Colin

I was on vacation and just now seeing your response. I’ve checked these and I do now have the option to resolve them. Thank you very much! This is a big help for my team.