Start Free
Latest | User guide | Managing issues | Reviewing issues

Reviewing issues

On this page

SonarQube shows the code that it raised issues on.

To view an issue in the code: 

1. Retrieve the issue and open its detail view. 

2. In the Where is the issue? tab, you can see the issue’s location with the issue message. 

3. Depending on the issue, secondary locations or execution flows may be displayed to help you understand the issue or trace the issue source. To navigate through the secondary locations or navigate through the issue flow: see below.

4. To understand why this is an issue, open the Why is this an issue? tab in the issue description. You can also open the rule that raised the issue by selecting the rule link at the top of the issue description.

Navigating through the issue's secondary locations

All SonarQube issues specify a location in the code showing where the issue occurs. However, some of the more complex rules produce issues for which a single location is not enough to adequately explain why the issue has occurred. These more complex rules often identify additional locations in the code to help understand the problem. These additional locations are referred to as secondary locations. Secondary locations may just indicate other locations that are related to the issue or may identify a flow through the code that leads to the issue.

Other locations

To navigate through the other locations of an issue:

1. Retrieve the issue and open its detail view. In the left sidebar, the secondary locations are listed as illustrated below.

2. To navigate to a secondary location, click on it in the list. You can also use the keyboard combination indicated under the list to navigate to the previous or next location.

Execution flow

Paths through the code (execution flows) are shown from the source to the sink (destination) when the issue originates upstream. In particular, for issues breaking a security-injection rule, there is a vulnerability when the inputs handled by your application are controlled by a user (potentially an attacker) and not validated or sanitized. In that case, SonarQube displays the execution flow from the sources (user-controlled inputs) to sinks (sensitive functions). 

To navigate through the execution flow(s) of an issue:

1. Retrieve the issue and open its detail view as described above. In the left sidebar, the execution flows are listed as illustrated below. In the example below, the source is located in another file than the sink.

2. To navigate to a location in the execution flow, select it in the list. You can also use the key combination indicated under the flow to navigate to the previous or next location in the flow.

Viewing the issue management history and comments

  1. Retrieve the issue and open its detail view as described above in Retrieving issues
  2. Open the Activity tab.

Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License