which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
Sonarqube Developer Edition 10.3.0.82913
sonar-maven-plugin 3.10.0.2594
how is SonarQube deployed: zip, Docker, Helm
Docker
what are you trying to achieve
I expect the activities on Security Hotspots to be transported to other branches.
what have you tried so far to achieve this
I have changed the resolution to “SAFE” and added a comment to explain why in branch A.
But as soon as I pushed another branch B which was branched off branch A, the exact same Security Hotspot made the quality gate fail again as if it was never reviewed.
Also, if I merge branch A into branch C, the same thing will happen. After some time, branch A will be deleted (because it was a feature branch) and the original activity (resolution and comments) will be lost.
We’re now at version 10.5.1.90531 and it still happens.
Interestingly, after the upgrade, it happened without new code changes - we just built the same branch with the same commit again. As if the upgrade had deleted the existing resolutions.
Can you tell me if and when this is going to be fixed?
It’s really annoying, especially when doing releases as we need to manually review them again and trigger a new build in our CI to be able to proceed.
Nothing was fixed on this because the behavior you observed is the one we wanted to implement when the feature was introduced. The reason was that when you review the same host in a different context (a different branch), your decision may be different than the previous review you made.
We received a couple of feedback that finally made us think that the choice was not a good one. Hotspots should behave as Issues and not be re-reviewed each time you scan a new branch.
I have no idea when we will implement this change.