SonarSlang / SONARSLANG-492

Allow setting vulnerability rule type for gosec issues imported with Golangci-lint reports

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.8
    • Component/s: Go, Kotlin

      Description

      Currently, when importing a checkstyle report, we create either a Bug for "error" severity or a Code smell otherwise.

      CheckstyleFormatImporter is used both by Detekt and golangci-lint.

      For Detekt, the issue type is defined not by the previously described code but by an ExternalRuleLoader; Detekt is therefore out of scope.

      For Golangci-lint, we cannot use the severity, since it would be arbitrary and would impact all other linters.
      The alternative is to import all issues coming from gosec as vulnerabilities.
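
The mapping described above, as an added Go example (not SonarSlang's own code, which this page does not show): gosec findings become vulnerabilities whatever their severity, and every other linter keeps the severity-based rule. It assumes golangci-lint's checkstyle output names the linter in each `<error>` element's `source` attribute; the sample report, `ruleType` and `classify` are constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Constructed sample report; source names the linter that raised the issue.
const sampleReport = `<checkstyle version="5.0"><file name="crypto.go">
<error line="12" severity="warning" source="gosec" message="G401: weak crypto"></error>
<error line="30" severity="error" source="govet" message="unreachable code"></error>
<error line="55" severity="warning" source="golint" message="missing comment"></error>
</file></checkstyle>`

type report struct {
	Files []struct {
		Name   string `xml:"name,attr"`
		Errors []struct {
			Line     int    `xml:"line,attr"`
			Severity string `xml:"severity,attr"`
			Source   string `xml:"source,attr"`
		} `xml:"error"`
	} `xml:"file"`
}

// ruleType checks the linter first, so a low-severity gosec issue is still a vulnerability.
func ruleType(source, severity string) string {
	if source == "gosec" {
		return "VULNERABILITY"
	}
	if severity == "error" {
		return "BUG"
	}
	return "CODE_SMELL"
}

// classify returns one "file:line TYPE" entry per issue in the report.
func classify(data string) (out []string, err error) {
	var r report
	if err = xml.Unmarshal([]byte(data), &r); err != nil {
		return nil, err
	}
	for _, f := range r.Files {
		for _, e := range f.Errors {
			out = append(out, fmt.Sprintf("%s:%d %s", f.Name, e.Line, ruleType(e.Source, e.Severity)))
		}
	}
	return out, nil
}

func main() { fmt.Println(classify(sampleReport)) }
```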

            People

            Assignee:
            quentin.jaquier Quentin Jaquier
            Reporter:
            quentin.jaquier Quentin Jaquier