
Reviewing issues

You can retrieve and view the issues detected during the analysis of any public project. For a private project, you need the Browse permission on the project.

Retrieving issues

To retrieve issues:

1. In the top navigation bar of SonarQube, select Issues. Alternatively, you can:

    • Retrieve the issues of a given project: In the top navigation bar of SonarQube, select Projects and choose the project you want to view. Then, in the project navigation bar, select Issues.
    • Retrieve issues from an analysis report by selecting the reported number of issues as illustrated below.

The Issues page opens. Below is a description of the page layout.

2. In the Filters, enter your search criteria to filter the list of issues. For information about the filters, see Basic concepts related to issues. 

    • To retrieve the issues assigned to you, select My Issues at the top of the Filters section.
    • To retrieve unassigned issues, open the Assignee filter and select Not assigned.

The search results (issue cards) are listed in the right section.

3. To navigate to an issue: open the respective hyperlink, or select the issue card in the search results and press your Right arrow key. The detail view of the issue opens in the right section and the left sidebar shows the search results. To start a new search, press the Left arrow key or navigate one step back in your browser.

Viewing the issue in the code

SonarQube shows the code that it raised issues on.

To view an issue in the code: 

1. Retrieve the issue and open its detail view as described above. 

2. In the Where is the issue? tab, you can see the issue’s location with the issue message. 

3. Depending on the issue, secondary locations or execution flows may be displayed to help you understand the issue or trace its source. To navigate through the secondary locations or the execution flow, see the sections below.

4. To understand why this is an issue, open the Why is this an issue? tab in the issue description. You can also open the rule that raised the issue by selecting the rule link at the top of the issue description.

Navigating through the issue's secondary locations

All SonarQube issues specify a location in the code showing where the issue occurs. However, some of the more complex rules produce issues for which a single location is not enough to adequately explain why the issue has occurred. These more complex rules often identify additional locations in the code to help understand the problem. These additional locations are referred to as secondary locations. Secondary locations may just indicate other locations that are related to the issue or may identify a flow through the code that leads to the issue.

Other locations

To navigate through the other locations of an issue:

1. Retrieve the issue and open its detail view as described above in Retrieving issues. In the left sidebar, the secondary locations are listed as illustrated below.

2. To navigate to a secondary location, click on it in the list. You can also use the keyboard combination indicated under the list to navigate to the previous or next location.

Execution flow

Paths through the code (execution flows) are shown from the source to the sink (destination) when the issue originates upstream. In particular, for issues breaking a security-injection rule, there is a vulnerability when the inputs handled by your application are controlled by a user (potentially an attacker) and not validated or sanitized. In that case, SonarQube displays the execution flow from the sources (user-controlled inputs) to sinks (sensitive functions). 

To navigate through the execution flow(s) of an issue:

1. Retrieve the issue and open its detail view as described above. In the left sidebar, the execution flows are listed as illustrated below. In the example below, the source is located in a different file from the sink.

2. To navigate to a location in the execution flow, select it in the list. You can also use the key combination indicated under the flow to navigate to the previous or next location in the flow.
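
The following is an added example, not part of the SonarQube documentation or product code. It shows the kind of source-to-sink path that an execution flow lists for an injection issue, next to a hardened form. All function names and the sample data are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "dev"), ("carol", "dev")])
    return db

# Flow location 1 (source): user-controlled input enters the application.
def read_name_param(request):
    return request["name"]

# Flow location 2 (propagation): the tainted value is passed on unvalidated.
def build_filter(name):
    return "name = '" + name + "'"

# Flow location 3 (sink): tainted text becomes part of the SQL statement.
def find_users_vulnerable(db, request):
    where = build_filter(read_name_param(request))
    return db.execute("SELECT name FROM users WHERE " + where).fetchall()

# Hardened form: the value reaches the database only as a bound parameter,
# so it is handled as data and never parsed as SQL. The flow to the sink
# no longer carries user input into the statement text.
def find_users_safe(db, request):
    name = read_name_param(request)
    return db.execute("SELECT name FROM users WHERE name = ?",
                      (name,)).fetchall()

def demo():
    db = make_db()
    benign = {"name": "bob"}             # constructed input
    crafted = {"name": "x' OR '1'='1"}   # constructed input that alters the query
    return {
        "vulnerable_benign": find_users_vulnerable(db, benign),
        "vulnerable_crafted": find_users_vulnerable(db, crafted),
        "safe_benign": find_users_safe(db, benign),
        "safe_crafted": find_users_safe(db, crafted),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

In a real project the three flow locations would typically sit in different files, which is why navigating the flow from source to sink is the fastest way to find where validation or parameter binding belongs.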

Opening issues in your IDE

To reduce the time it takes to find and fix an issue, you can open the issue in your IDE, provided that Connected Mode has been properly set up to connect SonarLint with SonarQube.

To open an issue in your IDE:

  1. Retrieve the issue and open its detail view as described above in Retrieving issues.
  2. In the Where is the issue? tab, select Open in IDE.

Getting AI-generated fix suggestions

This feature is available in Early Access, in Enterprise Edition and above.

If AI-generated fix suggestions are activated in your SonarQube instance, you can generate fix suggestions for the issues detected in your projects. The suggestions are generated using OpenAI's GPT-4. 

To generate a fix suggestion: 

  1. Retrieve the issue and open its detail view as described above in Retrieving issues.
  2. Go to the Where is the issue? tab or the Code Fix tab and click the Generate Fix button.

You can then copy the generated fix suggestion to your IDE:

  • manually, by copying and pasting the suggestion into your IDE.
  • using the Code Fix > View Fix in IDE button if you use Connected Mode. This feature is available with SonarLint for VS Code, IntelliJ, and Eclipse.

Note that for some issues, AI-generated fix suggestions are not available.

Viewing the issue management history and comments

  1. Retrieve the issue and open its detail view as described above in Retrieving issues.
  2. Open the Activity tab.

Copying the URL of an issue

  1. Retrieve the issue and open its detail view as described above in Retrieving issues.
  2. Select the Link icon as illustrated below.




© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License