Supress security hotspot in Razor file

  • ALM used: Azure DevOps
  • CI system used: Azure DevOps
  • Languages of the repository
  • Only if the SonarCloud project is public, the URL
    • And if you need help with pull request decoration, then the URL to the PR too
  • Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
  • Steps to reproduce
  • Potential workaround

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

I’ve C# static code analysis: Using clear-text protocols is security-sensitive being reported as a false positive in a *.razor file. How can I suppress this in the code? I tried with SuppressMessage attribute, pragma disable warning and //NOSONAR, but none of it seems to work


Hi @pascalberger,

Currently, we do not support issue suppression for .razor/.cshtml files. I’ve added an issue for this: Analysis warnings in .razor files cannot be suppressed · Issue #8050 · SonarSource/sonar-dotnet · GitHub.

The workaround is to review the hotspot on the server.


In my case the recent introduction of Razor analysis lead to the issue in any pull request, since it throw a warning in the build. But there was no security hotspot on the pull request analysis in SonarCloud, which could be reviewed. Only workaround was to disable Razor analysis.

Hi Pascal,

Can you help us with a code snippet or a reproducer? If you give us more details it will help us understand the problem and fix the FP.