SonarQube 8.9.6: some rule types are different from issue types

Hi everybody,

I've installed the 8.9.6 version of SonarQube server and I've found a problem with rule types and issue types:

  • version used (SonarQube 8.9.6)
  • error observed:
    When I execute analysis for a lot of projects, I've found maybe a bug with (for now) two rules:
      • Java:s899: This rule is a BUG, but when I see its issues, it appears like a VULNERABILITY
      • Java:s2386: This rule is a CODE SMELL, but when I see its issues, it appears like a VULNERABILITY

I'm searching for more rules with problems like those.
Do you have any report about this previously? How could I repair it?

Thanks a lot!

Sometimes rule types can change between versions of SonarQube – when that happens, issues which have already been raised don’t have their type changed. This is the case for both these rules (see SONARJAVA-3485 and SONARJAVA-3484).

We recognize this can be misleading (and that existing projects don’t fully benefit from the adjustments we do). We’ll add your feedback so hopefully this can someday be prioritized.

In the meantime you might benefit from the Bulk Change feature available on the global issues page, after filtering to the rule in question (to update the rule type of existing rules).
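As an added example, not part of the thread or of SonarQube's own code: one way to list every rule whose existing issues still carry an old type, and to prepare the matching bulk change per target type. It assumes the Web API endpoints `api/rules/search`, `api/issues/search` and `api/issues/bulk_change` (parameters `issues` and `set_type`); the records below are constructed samples trimmed to the `key`, `rule` and `type` fields, and the function names and batch size are hypothetical.

```python
from collections import defaultdict

# Constructed samples shaped like the "rules" array of api/rules/search and the
# "issues" array of api/issues/search (assumption: only key/rule/type are kept).
RULES = [
    {"key": "java:S899", "type": "BUG"},
    {"key": "java:S2386", "type": "CODE_SMELL"},
    {"key": "java:S106", "type": "CODE_SMELL"},
]
ISSUES = [
    {"key": "AX-1", "rule": "java:S899", "type": "VULNERABILITY"},
    {"key": "AX-2", "rule": "java:S899", "type": "BUG"},
    {"key": "AX-3", "rule": "java:S2386", "type": "VULNERABILITY"},
    {"key": "AX-4", "rule": "java:S2386", "type": "VULNERABILITY"},
    {"key": "AX-5", "rule": "java:S106", "type": "CODE_SMELL"},
    {"key": "AX-6", "rule": "java:S9999", "type": "BUG"},  # rule not fetched
]

def find_type_mismatches(rules, issues):
    """Return {(rule_key, issue_type, rule_type): [issue keys]} for stale issues."""
    rule_type = {r["key"]: r["type"] for r in rules}
    stale = defaultdict(list)
    for issue in issues:
        expected = rule_type.get(issue["rule"])
        if expected is None:  # rule removed or not in the export: cannot judge
            continue
        if issue["type"] != expected:
            stale[(issue["rule"], issue["type"], expected)].append(issue["key"])
    return dict(stale)

def bulk_change_requests(stale, batch_size=500):
    """Build one parameter dict per batch for POST api/issues/bulk_change."""
    by_target = defaultdict(list)
    for (_rule, _old_type, new_type), keys in stale.items():
        by_target[new_type].extend(keys)
    requests = []
    for new_type, keys in sorted(by_target.items()):
        for i in range(0, len(keys), batch_size):
            batch = keys[i:i + batch_size]
            requests.append({"issues": ",".join(batch), "set_type": new_type})
    return requests

if __name__ == "__main__":
    stale = find_type_mismatches(RULES, ISSUES)
    for (rule, old, new), keys in stale.items():
        print(f"{rule}: {len(keys)} issue(s) typed {old}, rule is now {new}")
    for params in bulk_change_requests(stale):
        print(params)
```

Reviewing the per-rule summary before sending any request keeps a security-relevant reclassification (for instance issues dropping out of the VULNERABILITY count) a deliberate decision rather than a side effect.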