Sonarqube 8.8 Issues tab showing vulnerabilities not consistent with Security Reports Tab

SonarQube
1

We are leveraging Sonarqube 8.8 in our test environment and notice a strange issue with regards to security scan reporting where at first glance, within the Security Reports tab, there security vulnerabilities showing up as zeros shown below:

image
image817×614 73 KB

however; when navigating to the issues tab, I am seeing the following as shown below:

image
image817×601 113 KB

I am not sure as to why this is occurring, but we typically leverage the Issues tab as a way to do deeper analysis dives in an effort to locate any findings. Any insight as to what could be causing this issues. Perhaps there is some kind of data sync or reporting issues of some sort going on. Any assistance in this matter would be greatly appreciated.

Regards,

Kevin

3

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.8 → 8.9.8 → 9.5 (last step optional)

You may find the Upgrade Guide helpful. If you have questions about upgrading, feel free to open a new thread for that here.

Regarding your question, I suspect you’re facing a corrupt Elasticsearch index. ES indices are typically recreated during an upgrade.

As a short-term fix while you’re planning your upgrade to a supported version, you could try:

  • stop the server
  • delete `$SONARQUBE-HOME/data/es7
  • restart the server

 
Ann

4

Hi Ann,
Thanks for the quick response. I will try the short term fix as you suggested. Question on upgrade, is there a database migration utility available as part of the upgrade. I want to try an avoid losing all the historical data if possible.

Regards,

Kevin

5

Hi Kevin,

The Upgrade Guide recommends you back up your database before upgrade, but that’s mainly a precaution. I’d say the backup is needed probably 1 in 10k upgrades.

But it’s recommended because SonarQube itself updates its own schema during the upgrade. So no separate utilities needed, and you won’t lose any data. Just do the SonarQube upgrade and it will all be taken care of.

 
HTH,
Ann

7

Hi Ann,
Thanks again for the assistance. We will give it a try.

Regards,

Kevin

1 Like