Unable to mark issue as false positive

We use golangci-lint to augment Sonar analysis of our Go code, and have done this for years on our private project. Today the linter has found a minor issue that we want to mark as Won’t Fix but somehow the Open state is not clickable to be changed.

Other Go issues found directly by Sonar are non-blocking:
image

Since this is a private project I cannot share much more on a public forum.

Hey there.

External issues (issues imported from other reports) can’t be marked false-positive/wont-fix in SonarCloud – we suggest marking them as False Positive / Won’t Fix in the source tool so that they aren’t raised in the report fed to SonarCloud.

@Colin this is a usability regression from what was possible before. I’m getting numerous complaints from our developers, and I do not even have an official announcement about the change to point them to.

Hey there.

That’s really odd – as nothing has changed in this regard for external issues (this is how it has worked for as long as it has been possible to import external issue reports, like those from Golang CI). You can find a number of threads on this forum indicating that.

Up to two weeks ago we were able to change the type from Bug to something else and lower the severity as a way to unblock on the quality gate.

We really need a way to have Sonar: force a review of some more sensitive issues (can’t merge until explicitly reviewed), but then have a way to acknowledge the issue without fixing it so that the merge can proceed. The only way to do so right now is to either mark an issue as Won’t Fix (but that’s forever), if that’s available, and for the other ones, like here, to disable the linter at the source code level, which also silences it forever.

We really need a way to say: needs to be fixed but we can’t do it in this specific PR. Some use cases for this are when we refactor code. For example, if I rename a method in an API and I change all the callers to use the new name, I might be refactoring dozens of files, and making additional business logic changes at that time is very undesirable, and detected issues should probably not be silenced either.

We could remove quality gates, but then the detected issues would rarely be looked at and that would make Sonar almost useless.

In short, since the ability to change the type/severity level has been removed, it causes a usability regression for external issues, and as such please allow Won’t Fix to work for these.


We acknowledge this usability regression you are facing and the need to resolve external issues as ‘Won’t fix’. We will consider this use case for upcoming releases.
