Hi again Akanchha,
I’m consolidating your posts here in this thread I created for you when I moved your post on an only-tangentially related thread to a new thread.
You pose the question slightly differently this second time. Although the answer is largely the same: look to the plugin vendor.
That said, from your questions, it looks like Fortify chose to implement a plugin to import its issues as “external” issues, rather than as native issues.
- External issues must be marked False Positive / Won’t Fix in the source tool.
- External issues have no rule descriptions
- I believe you should have equal ability to tag any kind of issue, even external ones.
IMO you should lobby Fortify to provide a plugin that provides rule descriptions and imports its issues as ones that can be managed in SonarQube.
HTH,
Ann