SonarSource/sonarqube-scan-action@v6 issue

Must-share information (formatted with Markdown):

  • sonarqube-scan-action@v6
  • GitHub Actions
  • Trying to get a passed scan result
  • I have been looking for options on our SonarQube server

I’m trying out SonarSource/sonarqube-scan-action@v6 and I’m facing an issue.
I get:
0.0% Security Hotspots Reviewed is less than 100%
Security Hotspots are rated E, but I have 0 Security Hotspots.
So, the Quality Gate fails.
Is this a known problem or bug in the given action?
Does anyone have an idea how to fix it, other than the obvious option of setting the Security Hotspots Reviewed threshold to 0%, which is not wanted?

Hey there.

Can you share a screenshot of your project dashboard? Are you looking at the New Code tab or Overall Code?


Hello,
Thanks for answering.
Here are some printscreens. As you can see, the problem is in both the New Code section and the Overall Code section.
Limited to 3 images, but all tabs under Security Hotspots show the same result.
Best regards
Leif

Our SonarQube Server is: Enterprise Edition v2025.1.4 (113907)

Any news about this issue?

Hi Leif,

Welcome to the community!
It does not seem to be a problem on the scanner side, but rather with computation on the instance level.
To investigate this issue, we need some diagnostic information.

Please provide the following API responses for your project (if possible). These endpoints are called on the Overview and Security Hotspot pages:

  1. Quality Gate status: GET /api/qualitygates/project_status
  2. Security metrics: GET /api/measures/component - the one with new_security_hotspots_reviewed, security_hotspots metrics
  3. Hotspots list: GET /api/hotspots/search
  4. Definition of your quality gate: api/qualitygates/show

Also share these logs (if possible):

  • Compute Engine logs (ce.log) for the most recent analysis task
  • Web logs (web.log) from when the quality gate was evaluated

Thanks!

Hi Stanislav,

Sorry about the delay, but now I have finally been able to get some information for you.
I will attach a file.
There is an interesting observation, and that is that api/hotspots/search shows two problems not visible in the GUI.

Best regards
Leif

sonar-251023.txt (4.9 KB)
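The mismatch described above (hotspots returned by `api/hotspots/search` that the measures do not reflect) can be checked mechanically once the two responses are saved. This is an added example, not part of the original posts and not Sonar's code; the JSON is constructed sample data, and the field names and the reading of `security_hotspots` as a count of `TO_REVIEW` hotspots are assumptions about the Web API response layout.

```python
import json

# Constructed sample responses (not the thread's attachment). Field names are
# assumed from the usual SonarQube Web API layout; keys are placeholders.
MEASURES_JSON = """{"component": {"key": "demo-project", "measures": [
  {"metric": "security_hotspots", "value": "0"},
  {"metric": "new_security_hotspots_reviewed", "period": {"value": "0.0"}}]}}"""
HOTSPOTS_JSON = """{"paging": {"total": 2}, "hotspots": [
  {"key": "hotspot-key-1", "status": "TO_REVIEW"},
  {"key": "hotspot-key-2", "status": "TO_REVIEW"}]}"""


def measure_values(measures_response):
    """Map metric -> float, reading overall 'value' or new-code 'period.value'."""
    out = {}
    for m in measures_response.get("component", {}).get("measures", []):
        raw = m.get("value", m.get("period", {}).get("value"))
        if raw is not None:
            out[m["metric"]] = float(raw)
    return out


def cross_check(measures_response, hotspots_response):
    """Return findings where the measures and the hotspot list disagree.

    Only the hotspots present in this response page are counted.
    """
    values = measure_values(measures_response)
    to_review = [h["key"] for h in hotspots_response.get("hotspots", [])
                 if h.get("status") == "TO_REVIEW"]
    findings = []
    measured = values.get("security_hotspots")
    if measured is not None and int(measured) != len(to_review):
        findings.append(f"security_hotspots measure is {int(measured)} but "
                        f"hotspots/search lists {len(to_review)} TO_REVIEW: {to_review}")
    reviewed = values.get("new_security_hotspots_reviewed")
    if reviewed is not None and reviewed < 100.0 and int(measured or 0) == 0:
        findings.append(f"new_security_hotspots_reviewed is {reviewed}% while the "
                        "security_hotspots measure reports nothing to review")
    return findings


if __name__ == "__main__":
    for line in cross_check(json.loads(MEASURES_JSON), json.loads(HOTSPOTS_JSON)):
        print("MISMATCH:", line)
```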

Hi Leif,

Thanks for the information provided.

Can you please also tell us which “New code definition” you are using for this project? (Go to Project Settings → New Code)

Also if you have direct access to your SonarQube DB, can you try to run these two queries:

Check if hotspots exist in issues table with the flag set

SELECT kee, component_uuid, is_new_code_reference_issue, issue_creation_date
FROM issues
WHERE kee IN ('1bf04868-698b-45e4-87f5-039102dc2108', 'b90c115a-5591-4c3c-9ea8-e2e89d3f2b90');

Check if they’re in the reference table

SELECT *
FROM new_code_reference_issues
WHERE issue_key IN ('1bf04868-698b-45e4-87f5-039102dc2108', 'b90c115a-5591-4c3c-9ea8-e2e89d3f2b90');

If you are using “New code definition: Previous version”, can you try to switch to “Number of days” and rerun the analysis?

Hi Alexander,
And thanks for answering.
We know that the issues exist and can be fetched using the API, and probably in many other ways except the GUI; this information has been provided.
I just wonder, is there a more efficient way we can try to solve this problem? Time flies and I’m not even close to finding a solution.
BTW, I hope you don’t mind me asking, are you working for Sonar or are you just someone who tries to help after seeing this in the community pages?
I’m just curious, all help is of course appreciated.
Best regards
Leif

Hey Leif,

Yes I am working at Sonar.

We are just trying to gather more information in order to localize the issue.

If you could follow the steps that I suggested above, it would help us to better understand the core of the issue.

Thank you.

Hi,
Sorry for the long delay, but I’m currently on vacation.
However, I have forwarded your question to the Sonar responsible within our corporation, so I hope he can give you more answers.
And I have attached one screen dump.

Best regards
Leif


Hi again,
I have now changed to Number of days: 30
Then it worked.
And next I changed it to 60 and it still worked.
Finally I changed it back to Previous version and that failed even though the previous scan worked.
What does Previous version mean and what is the conclusion?
Best regards
Leif


Hello again,
I have been asking the in-house Sonar team and have no answers to the SQL queries yet; I have no access to the DB.
Anyhow, the inhouse Sonar team @ our company SEB (SE Banken), has also filed an errand in the matter, so what is the next step now?
Best regards
Leif

Hello Leif,

For now I would recommend using “Number of days” as New code definition.

In the meantime we will continue investigation of the root cause of this issue.

And whenever you are able to get the SQL query results, feel free to send them.

Hi,
Now I finally have got the results from the SQL queries.
Seems to me that there is something wrong in the database.
How can this be fixed?
Best regards
Leif

ERROR: trailing junk after numeric literal at or near “698b” LINE 3: WHERE issue_key IN (‘1bf04868-698b-45e4-87f5-039102dc2108’, … ^ SQL state: 42601 Character: 71

Hello Leif,
It looks like the wrong single quote symbol is used in the query.

Could you please try to rerun the query again, but using correct symbols?

Hi again,
Now I finally got the query results for you, see attachments.
Best regards
Leif

sonarqube-queries-v2.txt (3.3 KB)

sonarqube-queries-v1.txt (1.7 KB)