Reviewing a project's quality

SonarQube's analysis varies depending on the language that's scanned, but in most cases it generates good-quality measures, reports issues, and finds where coding rules were broken. In this recipe, you will learn where to find issues by type and how to look into them by severity.

Make sure that you added the sample project to SonarQube by following the Adding a project recipe. Now, perform the following steps:

  1. Click on the Issues menu.

  2. Known vulnerabilities are considered blockers and need to be addressed immediately. Under Filters, expand Severity and select Blocker.

  3. A hardcoded credential has been detected in the example code, which is a serious vulnerability. To assign this issue to a team member, click on the Not assigned dropdown and type in the person's name to assign it to them.

  4. Eventually, all the issues need to be either confirmed and assigned or resolved as fixed, false positive, or won't be fixed. The status can be set by clicking on the Open dropdown and changing it to a new status value.
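
The triage rule from the last step can also be checked outside the UI. The following Python code is an added example, not part of the original recipe or of SonarQube: it takes an exported list of issues and reports those that are neither confirmed and assigned nor resolved, most severe first. The sample data is constructed, and the field names and status values are assumed to follow the shape of SonarQube's issue search output.

```python
import json

# Constructed sample; field names (key, severity, status, resolution,
# assignee) are assumed to match SonarQube's issue search output.
SAMPLE = json.loads("""
{"issues": [
  {"key": "ISSUE-1", "severity": "BLOCKER", "status": "OPEN",
   "message": "Hardcoded credential"},
  {"key": "ISSUE-2", "severity": "BLOCKER", "status": "CONFIRMED",
   "assignee": "alice", "message": "Hardcoded credential"},
  {"key": "ISSUE-3", "severity": "MAJOR", "status": "RESOLVED",
   "resolution": "FALSE-POSITIVE", "message": "Unused variable"},
  {"key": "ISSUE-4", "severity": "CRITICAL", "status": "CONFIRMED",
   "message": "Weak hash"},
  {"key": "ISSUE-5", "severity": "BLOCKER", "status": "REOPENED",
   "assignee": "bob", "message": "Hardcoded credential"}
]}
""")

SEVERITY_ORDER = ["BLOCKER", "CRITICAL", "MAJOR", "MINOR", "INFO"]
ACCEPTED_RESOLUTIONS = {"FIXED", "FALSE-POSITIVE", "WONTFIX"}

def is_triaged(issue):
    """True if the issue is confirmed and assigned, or resolved."""
    if issue.get("resolution") in ACCEPTED_RESOLUTIONS:
        return True
    return issue.get("status") == "CONFIRMED" and bool(issue.get("assignee"))

def untriaged_by_severity(issues):
    """Group keys of untriaged issues by severity, most severe first."""
    grouped = {}
    for issue in issues:
        if not is_triaged(issue):
            grouped.setdefault(issue["severity"], []).append(issue["key"])
    # Known severities first, then any unexpected value so nothing is dropped.
    order = SEVERITY_ORDER + sorted(set(grouped) - set(SEVERITY_ORDER))
    return {s: grouped[s] for s in order if s in grouped}

def gate(issues):
    """Return 1 (fail) if any blocker is still untriaged, else 0."""
    return 1 if untriaged_by_severity(issues).get("BLOCKER") else 0

if __name__ == "__main__":
    for severity, keys in untriaged_by_severity(SAMPLE["issues"]).items():
        print(f"{severity}: {', '.join(keys)}")
    raise SystemExit(gate(SAMPLE["issues"]))
```

The non-zero exit status lets a build step fail while a blocker is still waiting for an owner or a decision.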