Since the latest update to v2025.1.1 (104738) in our Data Center Edition of SonarQube, I am missing the class information on the security hotspots page.
Previously, the security hotspots were first sorted by class name and second by line number. Now they are sorted differently and don’t show the class name on the left overview pane anymore.
Is there a way to configure the UI, bringing this information back in, or could I only hope that the PO is reconsidering his/her UI opinion in that matter?
What are you trying to accomplish? / Why does this matter to you?
It matters because security hotspots are not automatically copied over from one branch to another (including merge requests), not like code issues. Therefore, I need to manually review and often copy the resolution from lower environment branches. Without having the class information this is almost infeasible when triaging hundreds of security hotspots with the same rule violation.
How would that look in SonarQube?
It would look like it used to in older versions.
To my knowledge, we have not made any recent changes to the Hotspots UI that would have removed information from the UI. Could you please let me know which version you were using previously, where the information you need was still available? This will help me investigate what may have changed between the two versions.
Additionally, could you estimate how frequently you need to replicate decisions between branches? This information will help us better understand your use case.
We are always taking over the security hotspot triage decisions from lower branches (INT) to our higher branches (Stage, Quality, Prod). We do not differentiate between environments and enforce that all security hotspots have to be addressed already in INT. If there would be the option to replicate those security hotspot decisions to higher branches, similarly how it is done with other issues, it would save ourselfs a huge amount of time.
