On this page
Frequently asked questions
SonarCloud does not require single sign-on (SSO), as authentication is performed on the DevOps platform side.
The following code repository platforms are supported as identity providers:
- Bitbucket Cloud
- Azure DevOps Services
You must have an account on one of these code repository platforms to log in to SonarCloud.
- You can mark individual issues as false positive or won't fix through the issues interface. If you're using short-lived branch and pull request analysis, issues marked as false positive or won't fix will retain that status after merge. This is the preferred approach.
When you mark a vulnerability as false positive or won't fix, explain why in the comment box. This feedback and the vulnerability context (current file content, issue and rule details) are reviewed by our teams to make SonarCloud better.
- Most language analyzers support the use of the generic mechanism:
//NOSONARat the end of the line of the issue. This will suppress all issues - now and in the future - that might be raised on the line.
- In your organization: Administration > Projects Management you can search for Last analysis before to filter projects not analyzed since a specific date, and then use bulk Delete to remove the projects that match your filter.
- This can be automated using the corresponding Web API:
- SonarCloud supports the following browsers:
- the last 3 Chrome versions
- the last 3 Firefox versions
- the last 3 Safari versions
- the last 3 Edge versions
- If you are performing analysis in your local build environment through an installed scanner tool, then the Java runtime environment of the scanner (that is, the Java installed on your build machine) should be at least Java 17. Java 11 is still supported but deprecated.
- Similarly, if you are analyzing in a CI service, you should configure the Java environment to at least Java 17.
- If you are exclusively using automatic analysis, that is, where the SonarCloud service itself does the analysis, you do not have to do anything.
- Pre-Java-17 code (for example, Java 11 code) will continue to be analyzable. The version bump applies only to the environment within which the scanner is running, not the code that is being analyzed. See the Scanner environment page for more details.