Reviewing issues

Navigate and review issues raised by SonarQube's automated code review and analysis.

SonarQube highlights the specific lines of code associated with identified issues.

To view an issue in the code:

  1. Retrieve the issue and open its detail view. See Retrieving issues for more information.

  2. In the Where is the issue? tab, you can see the issue’s location with the issue message. (Screenshot callouts: 1. Where is the issue? tab; 2. Code that raised the issue; 3. Issue message shown in code.)

  3. Depending on the issue, secondary locations or execution flows may be displayed to help you understand it or trace its source. To navigate through the secondary locations or the issue flow, see below.

  4. To understand why this is an issue, open the Why is this an issue? tab in the issue description. You can also open the rule that raised the issue by selecting the rule link at the top of the issue description.

Navigating through the issue’s secondary locations

All SonarQube Server issues specify a location in the code showing where the issue occurs. However, some of the more complex rules produce issues for which a single location is not enough to adequately explain why the issue has occurred. These more complex rules often identify additional locations in the code to help understand the problem. These additional locations are referred to as secondary locations. Secondary locations may just indicate other locations that are related to the issue or may identify a flow through the code that leads to the issue.

Other locations

To navigate through the other locations of an issue:

  1. Retrieve the issue and open its detail view. See Retrieving issues for more information.

  2. The Where is the issue? tab opens.

  3. The secondary locations are listed in the left side bar as well as in the code view. (Screenshot: Issue's secondary locations.)

  4. To navigate to a secondary location, click on it in the list. You can also use the Alt/Option + up/down arrow keyboard combination to navigate the code locations.

Execution flow

When the issue originates upstream, paths through the code (execution flows) are shown from the source to the sink (destination). In particular, for issues that break a security injection rule, a vulnerability exists when input handled by your application is controlled by a user (potentially an attacker) and is neither validated nor sanitized. In that case, SonarQube Server displays the execution flow from the sources (user-controlled inputs) to the sinks (sensitive functions).

To navigate through the execution flow of an issue:

  1. Retrieve the issue and open its detail view. See Retrieving issues for more information.

  2. The Where is the issue? tab opens.

  3. The execution flows are listed in the left side bar indicating the execution flow across multiple files.

  4. To navigate to a location in the execution flow, select it in the list. You can also use the Alt/Option + up/down arrow keyboard combination to navigate the code locations.
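The source-to-sink flow described above, as an added example that is not from SonarQube's documentation: a user-controlled value passes through three locations before reaching the sink, shown beside the parameterized version that closes the flow. A plain dict stands in for the web framework's request object so the code runs offline.

```python
import sqlite3

def get_username(request_args: dict) -> str:
    """Source: a user-controlled query-string value (flow step 1).
    A plain dict stands in for the web framework's request.args."""
    return request_args.get("user", "")

def build_lookup_query(username: str) -> str:
    """Intermediate location: the tainted value is concatenated into SQL (flow step 2)."""
    return "SELECT id, email FROM users WHERE name = '" + username + "'"

def vulnerable_lookup(conn: sqlite3.Connection, request_args: dict) -> list:
    """Sink: execute() receives the tainted string (flow step 3, where the issue is raised)."""
    return conn.execute(build_lookup_query(get_username(request_args))).fetchall()

def hardened_lookup(conn: sqlite3.Connection, request_args: dict) -> list:
    """Fixed sink: the value is bound as a parameter, so data cannot change the SQL structure."""
    username = get_username(request_args)
    return conn.execute("SELECT id, email FROM users WHERE name = ?", (username,)).fetchall()

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "a@example.test"), (2, "o'brien", "ob@example.test")])
    return conn

def compare(request_args: dict) -> tuple:
    """Run both sinks on the same request, reporting an SQL error instead of raising it."""
    conn = make_db()
    try:
        vulnerable = vulnerable_lookup(conn, request_args)
    except sqlite3.OperationalError as exc:
        # An ordinary apostrophe in the data already breaks the concatenated query:
        # untrusted input has altered the SQL structure, which is what the rule reports.
        vulnerable = "OperationalError: " + str(exc)
    return vulnerable, hardened_lookup(conn, request_args)

if __name__ == "__main__":
    print(compare({"user": "alice"}))    # ([(1, 'a@example.test')], [(1, 'a@example.test')])
    print(compare({"user": "o'brien"}))  # ('OperationalError: ...', [(2, 'ob@example.test')])
```

Each function above corresponds to one location SonarQube would list in the flow; only the last one is the sink where the issue message appears.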

Viewing the issue management history and comments

  1. Retrieve the issue and open its detail view. See Retrieving issues for details.

  2. Open the Activity tab. The tab displays the number of comments for the issue.

  3. Click the Add a comment button to create a new one.

(Screenshot: Activity tab.)
