Separate permission in SonarQube for administering security hotspots

Hello,
I am trying to create a separate user group that has the ability to administer security hotspots separately from those who can administer code quality findings. As far as I can tell, there is not a distinction between the two, though I think there should be. For context, I am using version 8.9.5 of SonarQube enterprise. I looked through docs for the latest version of SonarQube and did not see anything specifically referring to security findings vs general code quality findings. Is this in the roadmap?

There are two distinct permissions, even in SonarQube v8.9 LTS:

  • Administer Issues: Change the type and severity of issues, resolve issues as being Won’t Fix or False Positive (users also need Browse permission).
  • Administer Security Hotspots: Change the status of a Security Hotspot.

:warning: Make sure you upgrade to SonarQube v9.9 LTS soon, not only to benefit from our Best LTS Ever™, but because soon we will systematically ask users to upgrade when they ask questions about earlier versions of SonarQube, which are now considered unsupported. :smiley:
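A way to check that the two permissions really are held by different groups on a project, as an added example that is not part of the original posts or SonarQube's own code. It assumes the Web API permission keys `issueadmin` and `securityhotspotadmin` and a response shaped like `api/permissions/groups` output; the group names and the `exempt` parameter are hypothetical.

```python
import json

# Web API keys assumed for the two permissions named in the answer above.
ISSUE_ADMIN = "issueadmin"              # Administer Issues
HOTSPOT_ADMIN = "securityhotspotadmin"  # Administer Security Hotspots

# Constructed sample, shaped like an api/permissions/groups response for one project.
SAMPLE_RESPONSE = json.dumps({
    "groups": [
        {"name": "sonar-administrators",
         "permissions": ["admin", "issueadmin", "securityhotspotadmin", "user"]},
        {"name": "developers", "permissions": ["user", "codeviewer", "issueadmin"]},
        {"name": "appsec-reviewers",
         "permissions": ["user", "codeviewer", "securityhotspotadmin"]},
        {"name": "legacy-leads", "permissions": ["issueadmin", "securityhotspotadmin"]},
        {"name": "contractors", "permissions": ["user"]},
        {"name": "empty-group"},  # no "permissions" key at all
    ]
})


def audit_separation(response_text, exempt=()):
    """Sort groups by which of the two permissions they hold.

    Groups holding both are listed under "both"; those not named in
    `exempt` are also listed under "violations".
    """
    report = {"issues_only": [], "hotspots_only": [], "both": [], "violations": []}
    for group in json.loads(response_text).get("groups", []):
        name = group.get("name", "<unnamed>")
        perms = set(group.get("permissions", []))
        has_issues = ISSUE_ADMIN in perms
        has_hotspots = HOTSPOT_ADMIN in perms
        if has_issues and has_hotspots:
            report["both"].append(name)
            if name not in exempt:
                report["violations"].append(name)
        elif has_issues:
            report["issues_only"].append(name)
        elif has_hotspots:
            report["hotspots_only"].append(name)
    for names in report.values():
        names.sort()
    return report


if __name__ == "__main__":
    result = audit_separation(SAMPLE_RESPONSE, exempt={"sonar-administrators"})
    print(json.dumps(result, indent=2))
```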

Hey Colin,

Thanks for the help! I did not see these permissions at first. I was looking in the wrong location.
