CodeScan SCA Results

Updated 2 months ago by Copado Solutions

Whenever you run a static code analysis, Copado generates an SCA Result record. To find the latest SCA Results for a User Story or an Org Credential, open the Static Code Analysis Results related list on that record.

In the SCA Result record:

  • Details: It contains the link to review the CodeScan violations in the CodeScan site.
  • Score: The aggregate of the scores of all rule violations. The score of a single violation is 6 minus the priority number of the violated rule, so a Blocker (priority 1) contributes 5 points and an Info finding (priority 5) contributes 1. Violations of rules with a low priority number (high severity) therefore push the result up, and the higher the result, the more likely it is to reach the Maximum Static Code Analysis Score.

Each violation has a type:

  • Bug (Reliability domain)
  • Vulnerability (Security domain)
  • Code Smell (Maintainability domain)

and a severity, which determines the priority number used in the score:

  • Blocker: Priority 1. Bug with a high probability of affecting the behavior of the application in production.
  • Critical: Priority 2. Either a bug with a low probability of affecting the behavior of the application in production, or an issue that represents a security flaw.
  • Major: Priority 3. Quality flaw that can significantly impact developer productivity.
  • Minor: Priority 4. Quality flaw that can slightly impact developer productivity.
  • Info: Priority 5. Neither a bug nor a quality flaw, just a finding.
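The scoring rule above is easy to reproduce outside Copado, which is useful when you want to know before a deployment which findings are driving the Score. The following is an added example, not Copado's or CodeScan's code: it reads a constructed rule/type/severity list (the CSV layout and the RULE-n keys are placeholders, not a real CodeScan export), applies the 6-minus-priority rule, breaks the total down by type, and compares it with an assumed Maximum Static Code Analysis Score. Whether the threshold check is "at or above" or "strictly above" is an assumption, since the page only says the score can reach the maximum.

```python
import csv
import io
from typing import Dict, Iterable, List, Tuple

# CodeScan severities and their priority numbers, as listed on this page.
SEVERITY_PRIORITY = {
    "Blocker": 1,
    "Critical": 2,
    "Major": 3,
    "Minor": 4,
    "Info": 5,
}

# Constructed sample, not real CodeScan output: the rule keys are placeholders.
SAMPLE_EXPORT = """\
rule,type,severity
RULE-1,Code Smell,Major
RULE-2,Vulnerability,Critical
RULE-3,Code Smell,Minor
RULE-4,Bug,Blocker
RULE-5,Code Smell,Info
"""

Violation = Tuple[str, str, str]  # (rule, type, severity)


def parse_export(text: str) -> List[Violation]:
    """Read the constructed rule,type,severity CSV into violation tuples."""
    reader = csv.DictReader(io.StringIO(text))
    return [(row["rule"], row["type"], row["severity"]) for row in reader]


def violation_score(severity: str) -> int:
    """Score of one violation: 6 minus its priority number (Blocker -> 5, Info -> 1)."""
    try:
        priority = SEVERITY_PRIORITY[severity]
    except KeyError:
        raise ValueError(f"unknown severity: {severity!r}") from None
    return 6 - priority


def aggregate_score(violations: Iterable[Violation]) -> int:
    """The SCA Result Score: the sum of all per-violation scores."""
    return sum(violation_score(severity) for _rule, _type, severity in violations)


def score_by_type(violations: Iterable[Violation]) -> Dict[str, int]:
    """Break the score down by Bug / Vulnerability / Code Smell to see what drives it."""
    totals: Dict[str, int] = {}
    for _rule, vtype, severity in violations:
        totals[vtype] = totals.get(vtype, 0) + violation_score(severity)
    return totals


def reaches_maximum(violations: Iterable[Violation], maximum: int) -> bool:
    """True when the score is at or above the Maximum Static Code Analysis Score.

    Assumption: the page says the score can 'reach' the maximum, so >= is used here.
    """
    return aggregate_score(violations) >= maximum


if __name__ == "__main__":
    found = parse_export(SAMPLE_EXPORT)
    print("score:", aggregate_score(found))            # 15 for the sample above
    print("by type:", score_by_type(found))
    print("reaches assumed maximum of 10?", reaches_maximum(found, 10))
```

Note that a single Blocker outweighs five Info findings; if a result unexpectedly reaches the maximum, the by-type breakdown tells you whether it is one severe Bug or Vulnerability or an accumulation of Code Smells.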


Each issue has a status:

  • Open - set by SonarQube on new issues
  • Confirmed - set manually to indicate that the issue is valid
  • Resolved - set manually to indicate that the next analysis should Close the issue
  • Reopened - set automatically by SonarQube when a Resolved issue hasn't actually been corrected
  • Closed - set automatically by SonarQube when a subsequent analysis shows that the issue no longer exists

Closed issues have one of two resolutions:

  • Fixed - a subsequent SCA Analysis run shows that the issue has been corrected or the file is no longer available.
  • Removed - the related rule is no longer available.

Resolved issues have one of two resolutions:

  • False Positive
  • Won't Fix
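The status and resolution rules above form a small lifecycle that is worth seeing end to end, because the manual transitions (Confirmed, Resolved) and the automatic ones (Reopened, Closed with Fixed or Removed) interact on the next analysis. The following is an added example, not Copado's or SonarQube's code: it models that lifecycle for a constructed issue. Two assumptions are labelled in the code: a Resolved issue with no resolution means "corrected, close it on the next run" (the case the Reopened status exists for), and False Positive / Won't Fix are treated as sticky decisions that a later analysis does not reopen, which matches SonarQube's behaviour but is not stated on this page.

```python
import dataclasses
from typing import Optional

STATUSES = {"Open", "Confirmed", "Resolved", "Reopened", "Closed"}
MANUAL_RESOLUTIONS = {"False Positive", "Won't Fix"}   # resolutions of a Resolved issue
CLOSED_RESOLUTIONS = {"Fixed", "Removed"}              # resolutions of a Closed issue


@dataclasses.dataclass(frozen=True)
class Issue:
    key: str                    # placeholder identifier, e.g. "ISSUE-1"
    status: str                 # one of STATUSES
    resolution: Optional[str]   # None while the issue is Open / Confirmed / Reopened

    def __post_init__(self) -> None:
        if self.status not in STATUSES:
            raise ValueError(f"unknown status: {self.status!r}")


def set_manually(issue: Issue, status: str, resolution: Optional[str] = None) -> Issue:
    """Transitions a person makes: Confirmed, or Resolved with an optional resolution.

    Assumption: resolution=None on Resolved means 'corrected, close it on the next run';
    False Positive and Won't Fix are the two resolutions the page lists for Resolved.
    """
    if status == "Confirmed":
        return dataclasses.replace(issue, status="Confirmed", resolution=None)
    if status == "Resolved":
        if resolution is not None and resolution not in MANUAL_RESOLUTIONS:
            raise ValueError(f"Resolved takes {sorted(MANUAL_RESOLUTIONS)}, not {resolution!r}")
        return dataclasses.replace(issue, status="Resolved", resolution=resolution)
    raise ValueError(f"{status!r} is set by SonarQube, not manually")


def after_next_analysis(issue: Issue, still_found: bool, rule_exists: bool) -> Issue:
    """Automatic transitions applied when a subsequent SCA Analysis runs."""
    if issue.status == "Closed":
        # Already closed; what happens if the finding reappears is not covered by the page.
        return issue
    if not rule_exists:
        # The related rule is no longer available.
        return dataclasses.replace(issue, status="Closed", resolution="Removed")
    if not still_found:
        # Corrected, or the file is no longer available.
        return dataclasses.replace(issue, status="Closed", resolution="Fixed")
    if issue.status == "Resolved":
        if issue.resolution in MANUAL_RESOLUTIONS:
            # Assumption (matches SonarQube): False Positive / Won't Fix are deliberate
            # decisions and are not reopened just because the code is unchanged.
            return issue
        # Marked Resolved but still reported: it wasn't actually corrected.
        return dataclasses.replace(issue, status="Reopened", resolution=None)
    # Open, Confirmed and Reopened issues that are still found stay as they are.
    return issue


if __name__ == "__main__":
    issue = Issue("ISSUE-1", "Open", None)  # constructed example issue
    claimed_fixed = set_manually(issue, "Resolved")
    print(after_next_analysis(claimed_fixed, still_found=True, rule_exists=True))   # Reopened
    print(after_next_analysis(claimed_fixed, still_found=False, rule_exists=True))  # Closed / Fixed
    print(after_next_analysis(issue, still_found=True, rule_exists=False))          # Closed / Removed
```

The practical point for triage: marking a Vulnerability as Resolved does not make it go away; only the next analysis decides whether it is Closed as Fixed or comes back as Reopened, while a Won't Fix or False Positive decision silences it without any code change, so those two resolutions deserve review.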

Additional Reading

CodeScan SCA Violations