Reviewing issues
Viewing the issue's details
To view the issue's details, retrieve the issue and click on its title.
The main components of the issue detail page are as follows:
- A list of filtered issues.
- A path to the code file where the issue is located.
- Current issue.
- Other issues that were raised in the same code file.
- A detailed view of the issue.
- The coding rule that raised the issue. Click on the link to read more about the rule that raised the issue.
- Tabs with detailed information about the issue:
  - Where is the issue? See the issue’s location and message in the code.
  - Why is this an issue? Read the issue’s description.
  - How can I fix it? See how to fix the issue and view a noncompliant code example and a compliant solution.
  - Activity: Read comments and management history of the issue.
  - More info: View additional resources and information that can help you to understand and fix the issue.
- Issue message displayed in the code.
Navigating through the issue's secondary locations
All SonarQube Cloud issues specify a location in the code showing where the issue occurs. However, some of the more complex rules produce issues for which a single location is not enough to adequately explain why the issue has occurred. These more complex rules often identify additional locations in the code to help understand the problem. These additional locations are referred to as secondary locations. Secondary locations may just indicate other locations that are related to the issue or may identify a flow through the code that leads to the issue.
Other locations
Retrieve the issue and navigate to the issue's detailed view.
- Additional locations are shown in the left sidebar. Click on the locations to highlight them in the code on the right. You can also use the keyboard combination indicated under the list to navigate to the previous or next location.
- The highlighted location of the issue in the code with the issue's message.
- List of additional locations in the code on the right side.
Execution flow
When the issue originates upstream, paths through the code (execution flows) are shown from the source to the sink (destination). In particular, for issues breaking a security-injection rule, there is a vulnerability when the inputs handled by your application are controlled by a user (potentially an attacker) and not validated or sanitized. In that case, SonarQube Cloud displays the execution flow from the sources (user-controlled inputs) to sinks (sensitive functions).
To navigate through the execution flow of an issue:
- Retrieve the issue and open its detail view. The execution flows are listed in the left sidebar.
- To navigate to a location in the execution flow, select it in the list. You can also use the key combination indicated under the flow to navigate to the previous or next location in the flow.
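The kind of source-to-sink flow described above, as an added example that is not taken from the SonarQube Cloud documentation. It assumes a Python handler using sqlite3; the function names, the table and the request values are constructed for illustration, and the comments mark the locations an execution flow would step through, with a parameterized version beside it.

```python
import sqlite3


def make_db():
    """Constructed in-memory table used only for this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def read_param(request, key):
    # Flow location 1 (source): the value comes from the request,
    # so it is user-controlled.
    return request.get(key, "")


def find_user_noncompliant(db, request):
    name = read_param(request, "name")
    # Flow location 2 (propagation): the unvalidated value is
    # concatenated into the SQL text.
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    # Flow location 3 (sink): the string reaches a sensitive function.
    return db.execute(query).fetchall()


def find_user_compliant(db, request):
    name = read_param(request, "name")
    # Same source, but the value is bound as a parameter and never
    # becomes part of the SQL text, so no flow reaches the sink as code.
    return db.execute(
        "SELECT email FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = {"name": "nobody' OR '1'='1"}  # constructed input
    print("noncompliant:", find_user_noncompliant(db, crafted))
    print("compliant:   ", find_user_compliant(db, crafted))
```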
Management history and comments
- Retrieve the issue and open its detail view.
- Open the Activity tab. The tab shows the number of comments added to the issue.
- View the activities and comments or click Add a comment to leave a comment about the issue.