Security Hotspot Reappears in Unchanged File After Marking Safe

  • SonarQube Enterprise - Version 8.9.8 (build 54436)
  • Project in Java
  • Quality Gate - default Java

After setting a security hotspot to safe, it shows up again on the next scan even though that file is unchanged.

We verified that it's coming again and again for the same (unchanged Java file + project + branch).

Users have to wait on every CI to mark this security either safe or hotspot.

Please consider this bug and let us know if it will be handled in a near LTS version.


Your version is past EOL. You should upgrade to either the latest version or the current LTS (long-term support version) at your earliest convenience. Your upgrade path is:

8.9.8 → 9.9.4 → 10.4 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

If your issue persists after upgrade, please come back to us.

Thanks @Colin.

We are opening a new thread here.
In general, we prefer to have LTS releases; however, while we upgraded to 9.x.x we faced challenges scanning Java 8 based projects (we are in progress to convert all legacy services from 8 to 17), and meanwhile we require support for Java 8. Do you believe we have some solution for that sort of weird requirement?

As documented, you can continue to build with Java 8 as long as the analysis happens with Java 11 or 17.