Security Report Linking Bug

SonarQube Server / Community Build
,
1

I have found a minor bug in how issues from Security Reports on other than the Main branch are handled and linked. Enterprise Edition v2025.1 (102418) ACTIVE Standard Experience

Steps to reproduce:

  1. Go to a Project and select the Security Reports tab.

  2. Also select a Branch other than Main/master, such as Dev

  3. Select the OWASP ASVS 4.0 Security Report (any level)

  4. Click one of the numbers or grades in the report

    1. Expect that this will take you to a list of associated issues

    2. Actual behavior is that the link takes you to the appropriate filter but drops the Branch parameter defaulting back to the Main/Master branch

  5. Manually add branch=dev or similar to the URI and the appropriate issues are now displayed.

    1. Selecting the appropriate branch from the selector drop down does not work as it just returns you to the summary page for that branch.

  6. FIX: when clicking on security report issues, the branch parameter should be included in the link.

    1. This issue appears to be present for all reports.
1 Like
2

I can reproduce that on our own instance running the very latest! :person_facepalming:

I’ll flag that for attention. Thanks a lot for the report.

4

Hi Trevor,

Apologies for the super late response. I’ve opened a Jira ticket to track the fix for this bug. Thanks again for the report!