Support for Sonar 10.2 Software Quality Severities #870
Comments
I would like to underline this report. I have discovered the same issue. Blocker, Critical and Major issue severity findings are mapped to the newly introduced software qualities impact severity "Medium" in Sonar 10. As requested by Blir, it would help a lot to have a configuration in place which reflects the new software qualities impact severity (High, Medium, Low).
I took the latest changes from the Master Branch (sonar-dependency-check-plugin-5.0.0-SNAPSHOT.jar) and this is what I get after rebooting sonarqube
Hi @Reamer, this is happening after the security hotspot rule was removed. Does this need reinstating or does something else need to change?
I have not yet tried this myself. I also don't know how to remove Rules. Maybe you have to mark them as deprecated first. Is there still the feature of security hotspots in SonarQube 10.2?
Yes, so I've created a PR to reinstate it (the original change was just to remove a deprecated method on the rule).
I have just released 5.0.0. With the new version and the help of @NIGCH, the error should no longer occur.
Describe the bug
Beginning in Sonar 10.2, the severity values of Blocker, Critical, Major, Minor, and Info are deprecated. See here. I am opening this as a bug because this plugin claims to support Sonar 10.X per the README.md. However, the configuration of this plugin only references the deprecated severity levels.
Does this plugin actually support the new Sonar 10.2 severity levels?
Additionally, I am seeing that when upgrading my Sonar version, my old issues from this plugin that were Blocker severity have migrated to Medium severity. According to the page I linked above, they should have been migrated to High severity. Is this plugin interfering with this migration process?
To Reproduce
Current behavior
This plugin only references deprecated severity levels.
Expected behavior
Since this plugin claims to support SonarQube 10.X, it should at a minimum document its behavior when used with SonarQube 10.2 which deprecates the severities referenced by this plugin's documentation. Ideally, the configuration should reflect the new severities.
Screenshots
I expect no screenshots are necessary, let me know if you'd like me to add any.
Versions (please complete the following information):
Additional context
None.