When I am looking at a vulnerability under ‘Issues’ I can see the creation date and sometimes who it was created by. For example, ‘November 23, 2019 at 1:11 PM Created by m********@********.com’. What does this ‘Created by’ mean? Does that mean that person added a new package or new code that introduced that vulnerability? Why do only older identified issues show who the issue was created by and the new ones don’t?
Part of the analysis process correlates SCM ‘blame’ data against the code. Issues are then attributed to the last person to have touched the line the issue was raised on. So that’s your ‘Created by’: the person who made the code change that (apparently) created the issue.
That’s a great question. At a guess, there’s something going on with the availability of SCM blame data to recent analyses. Or perhaps there’s no user in SonarQube that corresponds to the SCM username the issue would be attributed to.
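The attribution mechanism the replies describe, as an added example that is neither SonarQube's own code nor from this thread: it parses constructed `git blame --line-porcelain` output, attributes an issue raised on a given line to that line's last committer, and maps the committer's SCM e-mail to a SonarQube login (the sample commits and the e-mail-to-login mapping are assumptions). A line with no blame data, or an author with no matching SonarQube user, yields None, which is what an issue with an empty 'Created by' looks like.

```python
"""Attribute an issue to the last committer of its line using git blame
data, then map that SCM account to a SonarQube login (added example)."""
import re
from typing import Optional

# Constructed sample: `git blame --line-porcelain` on a 3-line file.
# In line-porcelain form every line group repeats the commit headers.
SAMPLE_BLAME = """\
aaaaaaaa 1 1 1
author Alice
author-mail <alice@example.com>
author-time 1574514660
\tpassword = "hunter2"
bbbbbbbb 2 2 1
author Bob
author-mail <bob@example.com>
author-time 1574601060
\tconn = connect(host, password)
aaaaaaaa 3 3 1
author Alice
author-mail <alice@example.com>
author-time 1574514660
\treturn conn
"""

# Group header: "<sha> <original line> <final line> [<group size>]"
HEADER = re.compile(r"^[0-9a-f]{8,40} \d+ (\d+)( \d+)?$")


def parse_line_porcelain(text: str) -> dict[int, dict[str, str]]:
    """Return {final_line_number: {"sha": ..., "mail": ..., "time": ...}}."""
    result: dict[int, dict[str, str]] = {}
    current: Optional[dict[str, str]] = None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {"sha": raw.split()[0]}
            result[int(m.group(1))] = current
        elif raw.startswith("\t"):
            current = None  # the tab-prefixed content line closes the group
        elif current is not None and raw.startswith("author-mail "):
            current["mail"] = raw.split(" ", 1)[1].strip("<>")
        elif current is not None and raw.startswith("author-time "):
            current["time"] = raw.split(" ", 1)[1]
    return result


def attribute_issue(blame: dict, line: int, scm_to_login: dict[str, str]) -> Optional[str]:
    """Last committer of `line`, mapped to a SonarQube login; None if unknown."""
    info = blame.get(line)
    if info is None:
        return None  # no blame data available for this analysis
    return scm_to_login.get(info.get("mail", ""))  # None if no matching user
```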