Security Review E with 0 Security Hotspots

  • SonarQube 9.5 Enterprise
  • Trying to get my project green.

I am on a branch.
My project had a security hotspot on existing code so Security Review E
I marked the issue as safe.
“Overall Code” now shows 0 Security Hotspots, 100% Reviewed, Security Review A
“New Code” shows 0 Security Hotspots, 0% Reviewed, Security Review E

So the branch has failed the quality gate check

Hi,

Could you double-check the Security Hotspots tab/page, please, to see if it shows any unreviewed Security Hotspots? I’m asking to see if this is some sort of rounding error.

Thx,
Ann

Hi - there are no security hotspots to review on that tab (I have checked all, not just assigned to me)

Hi,

Thanks for looking. I’ve flagged this for more expert attention.

Ann

Hello Tony,

Was the hotspot on new code?

If the project gets analyzed again, could you please let us know if the security review rating gets corrected? That would confirm that the problem is related to the real-time update of measures when the hotspot was reviewed.

Also please check if you have any error logs, specifically in the web.log file, around the time you made the change to the hotspot.

Hi

Per my original post it was new code.

The issue is not showing right now - the project has been analysed a few times since.
For future reference, do you mean from the UI Download Logs, Web Server - those are the logs you would want?

I had another issue which magically disappeared with no more reviews, which maybe was related to real-time updates - i.e. the summary showed a problem but clicking on it couldn’t find any issues.
Wondering if it was related to elastic indexing being really s-l-o-w for some reason.
Is there a way I can verify if that is the case in the future?

We are using the k8s instance of SonarQube Enterprise - have only added a couple of projects to it so far and I am manually uploading analyses so it is not being hammered - later we will be connecting it to our CI pipeline…

Yes. You could still check if there are any errors around the time the change was done to the hotspot.