Hi SonarQube-Team,
Thank you very much for the feature “Security Hotspot”.
As a plugin maintainer, I need to know: how can I use a custom rule to control the information displayed and the style in the Security Hotspot View?
Thanks in advance
Hi @Reamer,
Can I add more tabs?
The new hotspot review page supports 3 tabs: What’s the risk?, Are you at risk? & How can you fix it?. Those tabs are populated by sections of the rule description (see this for more information).
Is there a hidden description field?
No, there isn’t. Rules have a title (that isn’t displayed on this page) and a description that is split into the different tabs I mentioned. When applied to source code, rules generate a message that is displayed in bold on this page.
How can the category and the review priority be changed?
They can’t. Those are some hardcoded properties of our internal hotspot rules. All unexpected/external ones are supposed to end up in the Others category with a LOW priority.
Although I don’t know anything about the rule you’re trying to implement, I have to say that it seems odd to raise a security hotspot for this. Based on what I read, this looks like a true vulnerability and not a hotspot that should be reviewed to understand if you’re at risk or not. See this page for an advanced description of vulnerability/hotspot. WDYT?
Thanks for your help. I’ll give it a try.
> Based on what I read, this looks like a true vulnerability and not a hotspot that should be reviewed to understand if you’re at risk or not.
Some users of the plugin have expressed the wish to raise the findings as a security hotspot. I support this approach because sometimes you have a vulnerable dependency, but your application does not use the vulnerable part of that dependency.