Reviewing issues

You can retrieve and view the issues detected during the analysis of any public project. For a private project, you must have the Browse permission on the project.

Viewing issue details

To view the issue’s details, retrieve an issue and click on its title. See Retrieving issues for more information.

The main components of the issue detail page are as follows:

  1. A list of filtered issues.

  2. A path to the code file where the issue is located.

  3. Current issue.

  4. Other issues that were raised in the same code file.

  5. A detailed view of the issue.

  6. The coding rule that raised the issue. Click on the link to read more about the rule that raised the issue.

  7. Tabs with detailed information about the issue:

    • Where is the issue? See the issue’s location and message in the code.

    • Why is this an issue? Read the issue’s description.

    • How can I fix it? See how to fix the issue and view a noncompliant code example and a compliant solution.

    • Activity: Read comments and management history of the issue.

    • More info: View additional resources and information that can help you to understand and fix the issue.

  8. Issue message displayed in the code.

There are eight key places in the SonarQube Cloud user interface to review an issue’s details.

Navigating through the issue’s secondary locations

All SonarQube Cloud issues specify a location in the code showing where the issue occurs. However, some of the more complex rules produce issues for which a single location is not enough to adequately explain why the issue has occurred. These more complex rules often identify additional locations in the code to help understand the problem. These additional locations are referred to as secondary locations. Secondary locations may just indicate other locations that are related to the issue or may identify a flow through the code that leads to the issue.

Other locations

Retrieve the issue and navigate to the issue's detail view. See Retrieving issues for more information.

  1. Additional locations are shown in the left sidebar. Click on the locations to highlight them in the code on the right. You can also use the keyboard combination indicated under the list to navigate to the previous or next location.

  2. The highlighted location of the issue in the code with the issue’s message.

  3. The additional locations, called out in the code on the right side.

When reviewing your issue's details, additional locations will be listed in the left sidebar. The location of your selected instance is highlighted in the code, and additional locations are called out with red numbers in the code.

Execution flow

When the issue originates upstream, paths through the code (execution flows) are shown from the source to the sink (destination). In particular, for issues breaking a security-injection rule, there is a vulnerability when the inputs handled by your application are controlled by a user (potentially an attacker) and not validated or sanitized. In that case, SonarQube Cloud displays the execution flow from the sources (user-controlled inputs) to sinks (sensitive functions).

Check out this video for an example of a security issue with an execution flow.

To navigate through the execution flow of an issue:

  1. Retrieve the issue and open its detail view. See Retrieving issues for more information. The execution flows are listed in the left sidebar.

  2. To navigate to a location in the execution flow, select it in the list. You can also use the key combination indicated under the flow to navigate to the previous or next location in the flow.

SonarQube Cloud calls out the execution flow for issues that break security-injection rules. The flow of information through the issue is shown in the left sidebar.
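The kind of source-to-sink flow described above, as an added example that is not taken from the SonarQube Cloud documentation: a noncompliant SQL query built from user input beside a compliant, parameterized one. The function names, the `users` table, the sample data and the "flow location" numbering in the comments are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("O'Brien",)])
    return db


def read_name(request_params):
    # Flow location 1 (source): user-controlled input enters the application.
    return request_params.get("name", "")


def find_user_noncompliant(db, request_params):
    name = read_name(request_params)
    # Flow location 2: the unvalidated value is concatenated into SQL text.
    query = "SELECT id, name FROM users WHERE name = '" + name + "'"
    # Flow location 3 (sink): a sensitive function executes the tainted string.
    return db.execute(query).fetchall()


def find_user_compliant(db, request_params):
    name = read_name(request_params)
    # The value is bound as a parameter, so it is never parsed as SQL syntax
    # and no flow from the source reaches the query text.
    return db.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name):
    """Run both variants on the same input and return (noncompliant, compliant)."""
    db = make_db()
    params = {"name": name}
    try:
        unsafe = find_user_noncompliant(db, params)
    except sqlite3.OperationalError as exc:
        # The input changed the structure of the SQL statement.
        unsafe = "query broken by input: %s" % exc
    return unsafe, find_user_compliant(db, params)


if __name__ == "__main__":
    for sample in ("alice", "O'Brien"):
        print(sample, "->", compare(sample))
```

An ordinary name containan apostrophe is enough to show that the input is interpreted as SQL in the noncompliant variant, while the compliant variant returns the matching row.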

Management history and comments

  1. Retrieve the issue and open its detail view. See Retrieving issues for more information.

  2. Open the Activity tab. The tab shows the number of comments added to the issue.

  3. View the activities and comments or click Add a comment to leave a comment about the issue.
