Fixing issues

Whether your issue is about a potential security problem, considered to be a bad coding practice, or a more serious logic error, fixing issues usually involves changes to the code. SonarQube for IDE’s issue messages contain useful information about how to fix the potential problem and include a rule description so that you can learn more about why the issue is reported.

SonarQube for Visual Studio offers multiple ways to investigate and fix problems in your code. Issues are usually presented in multiple locations and you can typically hover and/or click or right-click over these markers to open a tooltip that reveals your options. See the Investigating issues page for more information about finding and identifying your issues.

Quick fixes

When a file is open and there are issues with quick fixes then a lightbulb will appear on the line of the issue.

If the lightbulb is clicked, a menu with possible quick fixes will be opened.

If one of the quick fixes is selected, the fix will be applied automatically to your code.

Known limitations for quick fixes

• Quick fixes for the whole line are always shown #2878. To be explicit, the user is always shown quick fixes for all issues on the current line, rather than just for the current issue.

• When an edit elsewhere invalidates an issue, quick fixes are visible on the invalidated issue until a new analysis is run. When a new a new analysis is triggered (see Running an analysis), and the issue (with its subsequent quick fix) no longer exists, there is no quick fix to offer.

AI CodeFix in your IDE

When using the AI CodeFix feature in in SonarQube (Server, Cloud) while in connected mode, you can use View Fix in IDE to generate a diff view in the IDE which provides an opportunity to accept or reject the suggestion before committing the change. Please see the AI Capabilities pages in SonarQube (Server, Cloud) for more details:

• AI capabilities in SonarQube Server

• AI capabilities in SonarQube Cloud

Fixing injection vulnerabilities

Please see the documentation about Injection vulnerabilities for more information about working with these particular security issues.

Marking issues

In SonarQube for Visual Studio 7.5+ running in Connected mode with SonarQube (Server, Cloud) or SonarQube Community Build, it is possible to mark issues as Won’t Fix or False Positive from the IDE.

Select a SonarQube for Visual Studio issue in the Error window, right-click, and select Mark Issue as… from the list of actions.

Marking an issue can be applied only to known issues, issues found by SonarQube for Visual Studio that match those found on SonarQube (Server, Cloud) or SonarQube Community Build. Marks made on known issues will be reflected on the SonarQube (Server, Cloud) or SonarQube Community Build server within a few minutes.

At this time, it is not possible to unmark, or reopen an issue in SonarQube for Visual Studio. All issues must be reopened in SonarQube (Server, Cloud) or SonarQube Community Build, and will again show in SonarQube for Visual Studio after the next server synchronization. Please see the server articles about an issue's life cycle for details:

• The Issue management solution in SonarQube Server

• The Issue management solution in SonarQube Cloud

• The Issue management solution in SonarQube Community Build

Requirements for marking issues

• SonarQube for Visual Studio 7.5.

• Running in connected mode with SonarQube (Server, Cloud) or SonarQube Community Build.

• In SonarQube Server, or SonarQube Community Build, the Administer Issues permission must be granted to the user(s).

Marking issues is not supported for Security hotspots or Injection vulnerabilities. Please see the dedicated pages for fixing each of those issue types.