jonypera

Reputation: 456

SonarQube adds all issues as Code Smell

After upgrading to version 5.5, and now to the latest (5.6), SonarQube always shows the issues I create through my plugin as "Code Smell". I would like to know more about the categorization and how I can add them as other types ("Vulnerability" and "Bug"). The code where I create the issues is as follows:

    // Look up the issue perspective for the file being analysed
    Issuable issuable = this.resourcePerspectives.as(Issuable.class, inputFile);
    if (issuable != null) {
        // The issue is tied to the rule through its rule key
        Issue issue = issuable.newIssueBuilder()
            .ruleKey(activeRule.ruleKey())
            .line(vulnerability.getLine())
            .message(someMessage)
            .severity(severity)
            .build();

        issuable.addIssue(issue);
    } //...

Upvotes: 4

Views: 4996

Answers (1)

G. Ann - SonarSource Team

Reputation: 22804

Current support for bugs and vulnerabilities is a "creative implementation" (read "hack") based on tags. So, add the "bug" tag to your rule and its issues will be raised as bugs. Add the "security" tag to a rule and its issues will be raised as vulnerabilities.

Rules with both "bug" and "security" tags will be treated as bug rules.

For future reference, this mechanism is expected to change in the "near" future, but there's currently no schedule for it.

Edit

The current (6.1) version of the API provides the ability to simply declare rule type.

Upvotes: 6
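A rule definition illustrating the answer above, as an added example that is not part of the original post or SonarSource's own code. The repository key, language, rule keys, names and descriptions are hypothetical; the `setType` call applies only to API versions that let a plugin declare the rule type (the answer's edit names 6.1).

```java
import org.sonar.api.rule.Severity;
import org.sonar.api.rules.RuleType;
import org.sonar.api.server.rule.RulesDefinition;

// Hypothetical plugin rule repository. The issue type comes from the rule,
// so the sensor code that builds issues from activeRule.ruleKey() stays as is.
public class MyPluginRulesDefinition implements RulesDefinition {

  static final String REPOSITORY_KEY = "my-plugin"; // hypothetical key

  @Override
  public void define(Context context) {
    NewRepository repository = context
        .createRepository(REPOSITORY_KEY, "java")
        .setName("My Plugin Rules");

    // Tag-based mechanism (5.5/5.6): the "security" tag makes the rule's
    // issues show up as Vulnerability.
    repository.createRule("HardcodedCredential")
        .setName("Credentials should not be hard-coded")
        .setHtmlDescription("<p>Secrets in source code leak through the repository.</p>")
        .setSeverity(Severity.CRITICAL)
        .setTags("security");

    // The "bug" tag makes the rule's issues show up as Bug.
    repository.createRule("UncheckedReturnValue")
        .setName("Return values should be checked")
        .setHtmlDescription("<p>Ignoring the result hides failures.</p>")
        .setSeverity(Severity.MAJOR)
        .setTags("bug");

    // Pitfall: with both tags the rule is treated as a Bug rule, so a
    // finding meant as a Vulnerability must not also carry "bug".
    repository.createRule("IntegerOverflowInLengthCheck")
        .setName("Length checks should not overflow")
        .setHtmlDescription("<p>An overflowing length check can be bypassed.</p>")
        .setSeverity(Severity.CRITICAL)
        .setTags("bug", "security");

    // API versions that expose rule types: declare the type directly.
    repository.createRule("WeakHashForPasswords")
        .setName("Passwords should not be hashed with weak algorithms")
        .setHtmlDescription("<p>Fast hashes make offline guessing cheap.</p>")
        .setSeverity(Severity.CRITICAL)
        .setType(RuleType.VULNERABILITY);

    repository.done();
  }
}
```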
