CodeScan SCA Results
In the SCA Result record:
- Details: Contains the link to review the CodeScan violations on the CodeScan site.
- Score: The aggregate of all rule violation scores. The score of a rule violation is calculated by subtracting the violated rule’s priority number from 6. Violated rules with a high priority number will throw a high static code analysis result, which means that the higher the result, the more probable it is to reach the Maximum Static Code Analysis Score.
Issue types:
- Bug (Reliability domain)
- Vulnerability (Security domain)
- Code Smell (Maintainability domain)
Issue severities:
- Blocker: Priority 1. Bug with a high probability to impact the behavior of the application in production.
- Critical: Priority 2. Either a bug with a low probability to impact the behavior of the application in production or an issue which represents a security flaw.
- Major: Priority 3. Quality flaw which can highly impact developer productivity.
- Minor: Priority 4. Quality flaw which can slightly impact developer productivity.
- Info: Priority 5. Neither a bug nor a quality flaw, just a finding.
Closed issues will have one of two resolutions:
- Fixed - When a subsequent SCA Analysis run shows that the issue has been corrected or the file is no longer available.
- Removed - When the related rule is no longer available.
Resolved issues will have one of two resolutions:
- False Positive
- Won't Fix
Issue statuses:
- Open - set by SonarQube on new issues
- Confirmed - set manually to indicate that the issue is valid
- Resolved - set manually to indicate that the next analysis should Close the issue
- Reopened - set automatically by SonarQube when a Resolved issue hasn't actually been corrected
- Closed - set automatically by SonarQube for automatically created issues