"Safe" Security Hotspots are re-opened every time when i re-run my bitbucket pipeline


Even though i have marked all hotspots as Safe - sonarcloud still detects them every time when i re-run my bitbucket pipeline step that runs the scan!!

Can somebody please assist on that?

Thank you.

Hi @qwebek and welcome to the community.

Can you please tell me more about your project ?

CI configuration, language of your project, does it occur on a specific hotspot rule key, or you’ve encountered that with multiple ones ?

Also, a background task id can also help in that case.

Thanks in advance.

Hi Mickael,

We have “single-reporsitory” with C# as main language and Java is used within automation-tests subfolder<- here we have these hotspots not resolving

We are using image: atlassian/default-image:2

Running separate steps for :
- pipe: sonarsource/sonarcloud-scan:1.2.1

- pipe: sonarsource/sonarcloud-quality-gate:0.1.4

We had something like 7 hotspots detected and we were disabling them by //NOSONAR comment as hot-fix and later we have changed the code so it is not detected

Hi @qwebek

Not sure to understand everything

  • You are analyzing C# code, with SonarScanner for .NET, right ?
  • Are you also analyzing your Java code for the same project ?
  • Does the //NOSONAR work in your case then ?