Sonarqube Enterprise Edition…
So the Sonar scan finds, let's say, 50 Blocker issues in the Security Vulnerability category, maybe all categorised under OWASP Top 10, with ratings of C, D, E.
So my questions are:
- Is each "found issue" from the scan given a unique ID? E.g. how can I uniquely track and view/report that this found issue is remediated?
- What's the remediation process? Are the steps documented somewhere? I've looked on the SonarSource documentation and cannot find anything of significant detail. So basically, is there a documented process from "found issue" to "Closed | remediated" issue? What's the end-to-end process a developer would need to follow?
Appreciate the help here
Thanks!