Tracking found issues and process to remediate?

Sonarqube Enterprise Edition…

So the Sonar Scan find lets say for example 50 Blocker issue in the Security Vulnerability maybe all categorised under OWASP TOP 10 with ratings of C, D, E.

So my questions are

  1. is each “found issue” for the scan given a unique ID? e.g how can i uniquely track and view / report that this found issue is remediated?

  2. Whats the remediation process? Are the steps documented somewhere? I’ve looked on sonar source documentation and cannot find anythign of significant detail. So basically is there a process documented from “found issue to Closed |remediated” issue? whats the end to end process a developer would need to do.

Appreciate the help here :slight_smile:




That’s actually an entirely different question. Each issue has a guid and if you really must track it, then you’ll have to resort to the web services that feed the UI (use your browser’s developer tools to get an idea of what calls to make). But you should be able to track remediation … in the UI and based on the metrics and on the Clean as You Code methodology, which is baked-in to the tool.