What happens in Sonar when a ServiceNow ticket is closed?

Hi everyone,

I had a question about SonarQube’s integration with ServiceNow. If a team has a third-party dependency vulnerability and they create an exception in ServiceNow, they notify our team and we manually go into SonarQube and mark those related CVEs as ‘won’t fix’. However, what happens when they resolve the issue and close the ticket? Will SonarQube be able to detect in the next scan that those vulnerabilities are no longer there and automatically mark those CVEs as ‘resolved’? Or does the CVE stay as ‘won’t fix’ until someone manually goes in and re-tags it to ‘resolved’?

Thanks in advance.

Hey there.

There’s no specific integration between SonarQube and ServiceNow.

However, it sounds like you’re talking about fixing issues in the code that are being raised by SonarQube. In that case, once they’re fixed and your code is reanalyzed, those issues will be marked as fixed in SonarQube (even if you marked them as “Won’t fix” before).

Thank you!!