4

After upgrading to version 5.5, and now to the latest (5.6), SonarQube always shows the issues I create through my plugin as "Code Smell". I would like to know more about the categorization and how I can add them as other types ("Vulnerability" and "Bug"). The code where I create the issues is as follows:

    Issuable issuable = this.resourcePerspectives.as(Issuable.class, inputFile);
    if (issuable != null) {
        // Build the issue against the active rule and attach it to the file
        Issue issue = issuable.newIssueBuilder()
            .ruleKey(activeRule.ruleKey())
            .line(vulnerability.getLine())
            .message(someMessage)
            .severity(severity)
            .build();

        issuable.addIssue(issue);
    } //...
G. Ann - SonarSource Team
jonypera

1 Answer

6

Current support for bugs and vulnerabilities is a "creative implementation" (read "hack") based on tags. So, add the "bug" tag to your rule and its issues will be raised as bugs. Add the "security" tag to a rule and its issues will be raised as vulnerabilities.

Rules with both "bug" and "security" tags will be treated as bug rules.

For future reference, this mechanism is expected to change in the "near" future, but there's currently no schedule for it.

Edit

The current (6.1) version of the API provides the ability to simply declare rule type.

G. Ann - SonarSource Team
  • Thank you for the explanation. I suppose there isn't a way to add tags on-the-fly at the time of the creation of the issue (object), am I right? – jonypera Jun 20 '16 at 12:50
  • Uhm... that would be a very dark corner of the API indeed. – G. Ann - SonarSource Team Jun 20 '16 at 14:37
  • No problem. Glad to know how that categorization works at least. In the future (like you said), it would be nice to categorize the issue with ease, like one more parameter of `newIssueBuilder()`. Just a developer's suggestion :) Thanks again. – jonypera Jun 20 '16 at 14:43
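
The tagging described in the answer is applied where the plugin defines its rules, not where it builds issues. A sketch of such a rule definition, added here as an illustration (not code from the question or from SonarSource): the repository key, rule keys, names and descriptions are placeholders, and `setType(RuleType)` is assumed to be the rule-type declaration the answer's edit refers to.

```java
import org.sonar.api.rule.Severity;
import org.sonar.api.rules.RuleType;
import org.sonar.api.server.rule.RulesDefinition;

// Hypothetical rule repository; every key, name and description is a placeholder.
public class ExampleRulesDefinition implements RulesDefinition {

  @Override
  public void define(Context context) {
    NewRepository repo = context
        .createRepository("example-repo", "java")
        .setName("Example plugin rules");

    // Tag-based mechanism (5.5/5.6): "security" -> issues raised as vulnerabilities.
    repo.createRule("hardcoded-credential")
        .setName("Credentials should not be hard-coded")
        .setHtmlDescription("<p>Constructed example rule.</p>")
        .setSeverity(Severity.CRITICAL)
        .setTags("security");

    // "bug" -> issues raised as bugs.
    repo.createRule("unchecked-return-value")
        .setName("Return values should be checked")
        .setHtmlDescription("<p>Constructed example rule.</p>")
        .setSeverity(Severity.MAJOR)
        .setTags("bug");

    // Both tags: per the answer this is treated as a bug rule, so a security
    // finding tagged this way is not reported as a vulnerability.
    repo.createRule("unsafe-deserialization")
        .setName("Untrusted data should not be deserialized")
        .setHtmlDescription("<p>Constructed example rule.</p>")
        .setSeverity(Severity.CRITICAL)
        .setTags("bug", "security");

    // Newer API (6.1 per the answer's edit): declare the type directly
    // instead of relying on tags.
    repo.createRule("weak-cipher")
        .setName("Weak ciphers should not be used")
        .setHtmlDescription("<p>Constructed example rule.</p>")
        .setSeverity(Severity.CRITICAL)
        .setType(RuleType.VULNERABILITY);

    repo.done();
  }
}
```

Issues created as in the question with `.ruleKey(activeRule.ruleKey())` then take their category from the rule they reference.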