SonarQube API gives to Analyzers the possibility to highlight secondary locations linked to an issue. This is working well for the Cognitive Complexity rule (RSPEC-3776) where Analyzers can show where the complexity is increased inside the too complex method. It really helps the developer to understand why we are raising on issue here and what could be done to cut the complexity.
This secondary locations API allows Analyzers to set locations on other files than the one where the issue is. This is great and this is what is currently used by rules relying on CFG or uCFG.
Today, when an issue is involving multiple files, it's really hard to understand the flow of the variables because the UI is moving/jumping from one file to the other and so it's complicated to get the big picture.
The goal of this MMF is to list the pain and explore the solutions to enhance the usability of issues involving a data flow. These changes will be directly used by the Security feature (aka SonarSecurity) provided by SonarQube DE+ but also for rules such as the NPE (RSPEC-2259) for SonarJava.
This EPIC is having impacts on SonarQube UI and also on the Analyzers feeding SQ. See the "Issues in Epic" for details.