{"total":45,"p":1,"ps":100,"paging":{"pageIndex":1,"pageSize":100,"total":45},"effortTotal":1430,"issues":[{"key":"d0b7a9e5-0976-4b04-a501-7d1659588061","rule":"java:S2068","severity":"MAJOR","component":"SonarSource_sonar-iac:iac-extensions/jvm-framework-config/src/main/java/org/sonar/iac/jvmframeworkconfig/checks/common/AbstractHardcodedSecrets.java","project":"SonarSource_sonar-iac","line":44,"hash":"4731a001b5ace20150493beef2a21abf","textRange":{"startLine":44,"endLine":44,"startOffset":80,"endOffset":117},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"\u0027password\u0027 detected in this expression, review this potentially hard-coded password.","effort":"30min","debt":"30min","tags":["cwe","cert"],"creationDate":"2026-04-07T11:39:32+0000","updateDate":"2026-04-08T05:46:53+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"TRUSTWORTHY","cleanCodeAttributeCategory":"RESPONSIBLE","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"ec2fe6b2-27aa-497d-ae67-13e1fc93e3b8","rule":"java:S6418","severity":"BLOCKER","component":"SonarSource_sonarqube-mcp-server:src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsClient.java","project":"SonarSource_sonarqube-mcp-server","line":35,"hash":"8224b97f261208c6cb96a4a54d869783","textRange":{"startLine":35,"endLine":35,"startOffset":30,"endOffset":37},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"\u0027API_KEY\u0027 detected in this expression, review this potentially hard-coded secret.","effort":"30min","debt":"30min","tags":["cwe","cert"],"creationDate":"2026-03-09T15:33:06+0000","updateDate":"2026-03-10T04:53:28+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"TRUSTWORTHY","cleanCodeAttributeCategory":"RESPONSIBLE","impacts":[{"softwareQuality":"SECURITY","severity":"BLOCKER"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"e78d7ff5-dc72-4cef-9bcc-2cdc9e29efb7","rule":"githubactions:S7630","severity":"BLOCKER","component":"SonarSource_helm-chart-sonarqube:.github/workflows/release.yml","project":"SonarSource_helm-chart-sonarqube","line":48,"hash":"7c9cf2108e8e4d714118ede5367b31be","textRange":{"startLine":48,"endLine":48,"startOffset":94,"endOffset":112},"flows":[],"resolution":"FALSE-POSITIVE","status":"RESOLVED","message":"inputs.buildNumber is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.","effort":"1h","debt":"1h","tags":["cwe"],"creationDate":"2025-11-28T12:42:59+0000","updateDate":"2026-03-17T04:34:39+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"BLOCKER"}],"issueStatus":"FALSE_POSITIVE","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"d1209424-7cfd-4f61-ac94-a069fc440565","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/change-admin-password-hook-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":810,"hash":"5e778dc9a51a35ebce2320d5a522436b","textRange":{"startLine":810,"endLine":810,"startOffset":26,"endOffset":33},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"c902cf52-4be4-443a-998d-b7d35e6a3ded","rule":"kubernetes:S6864","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/ingress-with-controller.yaml","project":"SonarSource_helm-chart-sonarqube","line":666,"hash":"6fa9ffc0ba1100d972fd85ff8c1dda12","textRange":{"startLine":666,"endLine":666,"startOffset":10,"endOffset":14},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Specify a memory limit for this container.","effort":"5min","debt":"5min","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"b2ad893d-1226-4504-951e-1f1fb5a72954","rule":"kubernetes:S6864","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/ingress-with-controller.yaml","project":"SonarSource_helm-chart-sonarqube","line":1457,"hash":"247ab44acea354e7f1f73011d08be378","textRange":{"startLine":1457,"endLine":1457,"startOffset":10,"endOffset":14},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Specify a memory limit for this container.","effort":"5min","debt":"5min","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"2e0f76ac-4c80-44b9-88b1-74301b6c8de6","rule":"kubernetes:S6864","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/ingress-with-controller.yaml","project":"SonarSource_helm-chart-sonarqube","line":1519,"hash":"8bcee8b4c4efd162dea65c3cfb3ea424","textRange":{"startLine":1519,"endLine":1519,"startOffset":10,"endOffset":14},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Specify a memory limit for this container.","effort":"5min","debt":"5min","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"f9809bb4-f198-4bb6-9b6c-ab578d464351","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/secret-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":810,"hash":"5e778dc9a51a35ebce2320d5a522436b","textRange":{"startLine":810,"endLine":810,"startOffset":26,"endOffset":33},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"2e2c2811-c808-4bf2-ae51-2cdc93dfbeb8","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/sonar-web-context-deprecated-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":881,"hash":"5e778dc9a51a35ebce2320d5a522436b","textRange":{"startLine":881,"endLine":881,"startOffset":26,"endOffset":33},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"bbc86f51-86a3-49b2-817a-a1826f36b647","rule":"kubernetes:S6864","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/sonar-web-context-deprecated-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":883,"hash":"fa431f0b722a5bee44993f091018e277","textRange":{"startLine":883,"endLine":883,"startOffset":8,"endOffset":12},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Specify a memory limit for this container.","effort":"5min","debt":"5min","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"f4d63487-8796-4e48-8151-23b496a86d5e","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/sonar-web-context-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":832,"hash":"5e778dc9a51a35ebce2320d5a522436b","textRange":{"startLine":832,"endLine":832,"startOffset":26,"endOffset":33},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"5079ed27-d2c4-4cb2-a92f-aea0d2a5d24d","rule":"kubernetes:S6864","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/sonar-web-context-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":834,"hash":"2e2db1090302239ef5b60575a8cc91a9","textRange":{"startLine":834,"endLine":834,"startOffset":8,"endOffset":12},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Specify a memory limit for this container.","effort":"5min","debt":"5min","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"b9f6d28a-802c-4b67-b6b3-8fc4c01315bf","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/change-admin-password-hook-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":383,"hash":"5e778dc9a51a35ebce2320d5a522436b","textRange":{"startLine":383,"endLine":383,"startOffset":26,"endOffset":33},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"e0dc2235-e2fa-45c4-8804-5188bef965d4","rule":"kubernetes:S6864","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/ingress-with-controller.yaml","project":"SonarSource_helm-chart-sonarqube","line":483,"hash":"6fa9ffc0ba1100d972fd85ff8c1dda12","textRange":{"startLine":483,"endLine":483,"startOffset":10,"endOffset":14},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Specify a memory limit for this container.","effort":"5min","debt":"5min","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"e8efe9c0-3807-4316-90c5-a48aa9a6b992","rule":"kubernetes:S6864","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/ingress-with-controller.yaml","project":"SonarSource_helm-chart-sonarqube","line":1029,"hash":"247ab44acea354e7f1f73011d08be378","textRange":{"startLine":1029,"endLine":1029,"startOffset":10,"endOffset":14},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Specify a memory limit for this container.","effort":"5min","debt":"5min","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"4ba0395e-e92b-438d-a6a5-148e91fd7f52","rule":"kubernetes:S6864","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/ingress-with-controller.yaml","project":"SonarSource_helm-chart-sonarqube","line":1091,"hash":"8bcee8b4c4efd162dea65c3cfb3ea424","textRange":{"startLine":1091,"endLine":1091,"startOffset":10,"endOffset":14},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Specify a memory limit for this container.","effort":"5min","debt":"5min","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"8a03a9a0-ba6f-4f7d-8762-6ea3069b6a83","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/non-default-security-context-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":533,"hash":"5e778dc9a51a35ebce2320d5a522436b","textRange":{"startLine":533,"endLine":533,"startOffset":26,"endOffset":33},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"3a5f1b1a-db18-4309-a233-86aaebf961d0","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/secret-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":383,"hash":"5e778dc9a51a35ebce2320d5a522436b","textRange":{"startLine":383,"endLine":383,"startOffset":26,"endOffset":33},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"43f7ee97-eeae-4157-8971-ec618a3a87e2","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/serviceaccount-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":296,"hash":"8da56aa616611c4e6502e266ce05e850","textRange":{"startLine":296,"endLine":296,"startOffset":26,"endOffset":42},"flows":[{"locations":[{"component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/serviceaccount-values.yaml","textRange":{"startLine":14,"endLine":14,"startOffset":30,"endOffset":34},"msg":"Change this setting","msgFormattings":[]}]}],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"9310339d-889a-459c-a736-ca0ad4942f63","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-deployment-deprecated-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":406,"hash":"5e778dc9a51a35ebce2320d5a522436b","textRange":{"startLine":406,"endLine":406,"startOffset":26,"endOffset":33},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"ee9845b4-cb7c-4faa-9610-34590e052105","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-sts-deprecated-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":405,"hash":"5e778dc9a51a35ebce2320d5a522436b","textRange":{"startLine":405,"endLine":405,"startOffset":26,"endOffset":33},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"b3bd56f2-cf1a-44b6-901c-cff9f5cae242","rule":"kubernetes:S6865","severity":"MAJOR","component":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-values.yaml","project":"SonarSource_helm-chart-sonarqube","line":405,"hash":"5e778dc9a51a35ebce2320d5a522436b","textRange":{"startLine":405,"endLine":405,"startOffset":26,"endOffset":33},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Bind this Service Account to RBAC or disable \"automountServiceAccountToken\".","effort":"1h","debt":"1h","tags":[],"creationDate":"2025-11-26T04:06:27+0000","updateDate":"2025-11-28T17:36:58+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"},{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"7f6b8d5c-c260-4333-8aa2-69a207cd4f8d","rule":"githubactions:S7630","severity":"BLOCKER","component":"org.sonarsource.python:python:.github/actions/setup-orchestrator-cache/action.yml","project":"org.sonarsource.python:python","hash":"d17df14838663f1914aca301c7a1ab1c","textRange":{"startLine":19,"endLine":19,"startOffset":59,"endOffset":76},"flows":[],"resolution":"FIXED","status":"CLOSED","message":"inputs.sq-version is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this action to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.","effort":"1h","debt":"1h","tags":["cwe"],"creationDate":"2025-10-29T13:38:40+0000","updateDate":"2026-03-30T14:24:18+0000","closeDate":"2026-03-30T14:24:18+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"BLOCKER"}],"issueStatus":"FIXED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"36a63fc7-b419-4488-99b3-000e62bb0b6d","rule":"pythonsecurity:S6680","severity":"CRITICAL","component":"rspec-tools:rspec_tools/repo.py","project":"rspec-tools","line":123,"hash":"fb0d5a11ce15ccc3c96d65a11bec6810","textRange":{"startLine":123,"endLine":123,"startOffset":20,"endOffset":51},"flows":[{"locations":[{"component":"rspec-tools:rspec_tools/repo.py","textRange":{"startLine":123,"endLine":123,"startOffset":20,"endOffset":51},"msg":"Sink: this invocation is not safe; a malicious value can be used as argument","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/repo.py","textRange":{"startLine":109,"endLine":109,"startOffset":12,"endOffset":56},"msg":"A malicious value can be assigned to variable ‘counter’","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/repo.py","textRange":{"startLine":109,"endLine":109,"startOffset":26,"endOffset":55},"msg":"Source: a user can craft an HTTP request with malicious content","msgFormattings":[]}]}],"resolution":"WONTFIX","status":"RESOLVED","message":"Change this code to not set loop bounds directly from user-controlled data.","effort":"5min","debt":"5min","tags":["cwe"],"creationDate":"2025-09-03T07:53:17+0000","updateDate":"2025-12-15T16:46:46+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"HIGH"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":["taint"],"linkedTicketStatus":"NOT_LINKED"},{"key":"32dec2d4-e31f-4b98-b67f-45fbdef58c15","rule":"pythonsecurity:S6549","severity":"MAJOR","component":"rspec-tools:rspec_tools/coverage.py","project":"rspec-tools","line":92,"hash":"dd9ce01b8627aac49101bb753b7124c9","textRange":{"startLine":92,"endLine":92,"startOffset":20,"endOffset":36},"flows":[{"locations":[{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":92,"endLine":92,"startOffset":20,"endOffset":36},"msg":"Sink: this invocation is not safe; a malicious value can be used as argument","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":88,"endLine":88,"startOffset":26,"endOffset":30},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":88,"endLine":88,"startOffset":4,"endOffset":25},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":213,"endLine":213,"startOffset":40,"endOffset":78},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":206,"endLine":210,"startOffset":12,"endOffset":13},"msg":"A malicious value can be assigned to variable ‘path’","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":207,"endLine":209,"startOffset":16,"endOffset":70},"msg":"This concatenation can propagate malicious content to the newly created string","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":209,"endLine":209,"startOffset":18,"endOffset":70},"msg":"This string operation can propagate malicious content to the returned object","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":209,"endLine":209,"startOffset":18,"endOffset":51},"msg":"A malicious value was previously assigned to this data structure","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":205,"endLine":205,"startOffset":12,"endOffset":43},"msg":"A malicious value can be assigned to variable ‘sonarpedia’","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":205,"endLine":205,"startOffset":25,"endOffset":43},"msg":"This invocation can propagate malicious content to its return value","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/utils.py","textRange":{"startLine":197,"endLine":197,"startOffset":15,"endOffset":35},"msg":"Source: a user can craft an HTTP request with malicious content","msgFormattings":[]}]}],"resolution":"FALSE-POSITIVE","status":"RESOLVED","message":"Change this code to not construct the path from user-controlled data.","effort":"30min","debt":"30min","tags":["cwe"],"creationDate":"2025-04-11T08:56:55+0000","updateDate":"2026-02-05T14:58:20+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"TRUSTWORTHY","cleanCodeAttributeCategory":"RESPONSIBLE","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"}],"issueStatus":"FALSE_POSITIVE","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":["taint"],"linkedTicketStatus":"NOT_LINKED"},{"key":"e0dac760-659a-48e1-8aa4-3fbee537f03e","rule":"pythonsecurity:S2083","severity":"BLOCKER","component":"rspec-tools:rspec_tools/create_rule.py","project":"rspec-tools","line":129,"hash":"bbdac82b1dc9a45f7764d96ae7da74a2","textRange":{"startLine":129,"endLine":129,"startOffset":16,"endOffset":51},"flows":[{"locations":[{"component":"rspec-tools:rspec_tools/create_rule.py","textRange":{"startLine":129,"endLine":129,"startOffset":16,"endOffset":51},"msg":"Sink: this invocation is not safe; a malicious value can be used as argument","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/create_rule.py","textRange":{"startLine":126,"endLine":128,"startOffset":16,"endOffset":17},"msg":"A malicious value can be assigned to variable ‘final_content’","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/create_rule.py","textRange":{"startLine":126,"endLine":128,"startOffset":32,"endOffset":17},"msg":"This string operation can propagate malicious content to the returned object","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/create_rule.py","textRange":{"startLine":125,"endLine":125,"startOffset":16,"endOffset":56},"msg":"A malicious value can be assigned to variable ‘template_content’","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/create_rule.py","textRange":{"startLine":125,"endLine":125,"startOffset":35,"endOffset":56},"msg":"Source: a user can craft an HTTP request with malicious content","msgFormattings":[]}]}],"resolution":"WONTFIX","status":"RESOLVED","message":"Change this code to not construct the path from user-controlled data.","effort":"30min","debt":"30min","tags":["cwe"],"creationDate":"2025-04-11T08:56:55+0000","updateDate":"2026-02-16T10:02:34+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"BLOCKER"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":["taint"],"linkedTicketStatus":"NOT_LINKED"},{"key":"2d5af5da-b4f4-4334-8505-7fb45af21133","rule":"pythonsecurity:S2083","severity":"BLOCKER","component":"rspec-tools:rspec_tools/create_rule.py","project":"rspec-tools","line":139,"hash":"bbdac82b1dc9a45f7764d96ae7da74a2","textRange":{"startLine":139,"endLine":139,"startOffset":16,"endOffset":51},"flows":[{"locations":[{"component":"rspec-tools:rspec_tools/create_rule.py","textRange":{"startLine":139,"endLine":139,"startOffset":16,"endOffset":51},"msg":"Sink: this invocation is not safe; a malicious value can be used as argument","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/create_rule.py","textRange":{"startLine":136,"endLine":138,"startOffset":16,"endOffset":17},"msg":"A malicious value can be assigned to variable ‘final_content’","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/create_rule.py","textRange":{"startLine":136,"endLine":138,"startOffset":32,"endOffset":17},"msg":"This string operation can propagate malicious content to the returned object","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/create_rule.py","textRange":{"startLine":134,"endLine":134,"startOffset":16,"endOffset":56},"msg":"A malicious value can be assigned to variable ‘template_content’","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/create_rule.py","textRange":{"startLine":134,"endLine":134,"startOffset":35,"endOffset":56},"msg":"Source: a user can craft an HTTP request with malicious content","msgFormattings":[]}]}],"resolution":"WONTFIX","status":"RESOLVED","message":"Change this code to not construct the path from user-controlled data.","effort":"30min","debt":"30min","tags":["cwe"],"creationDate":"2025-04-11T08:56:55+0000","updateDate":"2026-02-16T10:02:39+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"BLOCKER"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":["taint"],"linkedTicketStatus":"NOT_LINKED"},{"key":"05fbb8a4-c174-4a8e-807c-ced29f6f3200","rule":"pythonsecurity:S2083","severity":"BLOCKER","component":"rspec-tools:rspec_tools/utils.py","project":"rspec-tools","line":196,"hash":"074d7de21b0e662fd6e4d2dbd092afc0","textRange":{"startLine":196,"endLine":196,"startOffset":9,"endOffset":36},"flows":[{"locations":[{"component":"rspec-tools:rspec_tools/utils.py","textRange":{"startLine":196,"endLine":196,"startOffset":9,"endOffset":36},"msg":"Sink: this invocation is not safe; a malicious value can be used as argument","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/utils.py","textRange":{"startLine":195,"endLine":195,"startOffset":14,"endOffset":18},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/utils.py","textRange":{"startLine":195,"endLine":195,"startOffset":4,"endOffset":13},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":94,"endLine":94,"startOffset":19,"endOffset":58},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":94,"endLine":94,"startOffset":29,"endOffset":57},"msg":"This invocation can propagate malicious content to its return value","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":88,"endLine":88,"startOffset":26,"endOffset":30},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":88,"endLine":88,"startOffset":4,"endOffset":25},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":213,"endLine":213,"startOffset":40,"endOffset":78},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":206,"endLine":210,"startOffset":12,"endOffset":13},"msg":"A malicious value can be assigned to variable ‘path’","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":207,"endLine":209,"startOffset":16,"endOffset":70},"msg":"This concatenation can propagate malicious content to the newly created string","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":209,"endLine":209,"startOffset":18,"endOffset":70},"msg":"This string operation can propagate malicious content to the returned object","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":209,"endLine":209,"startOffset":18,"endOffset":51},"msg":"A malicious value was previously assigned to this data structure","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":205,"endLine":205,"startOffset":12,"endOffset":43},"msg":"A malicious value can be assigned to variable ‘sonarpedia’","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/coverage.py","textRange":{"startLine":205,"endLine":205,"startOffset":25,"endOffset":43},"msg":"This invocation can propagate malicious content to its return value","msgFormattings":[]},{"component":"rspec-tools:rspec_tools/utils.py","textRange":{"startLine":197,"endLine":197,"startOffset":15,"endOffset":35},"msg":"Source: a user can craft an HTTP request with malicious content","msgFormattings":[]}]}],"resolution":"WONTFIX","status":"RESOLVED","message":"Change this code to not construct the path from user-controlled data.","effort":"30min","debt":"30min","tags":["cwe"],"creationDate":"2025-04-11T08:56:55+0000","updateDate":"2026-01-26T10:12:30+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"BLOCKER"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":["taint"],"linkedTicketStatus":"NOT_LINKED"},{"key":"1281d396-a7a6-4337-a3c3-43f3cd8ff351","rule":"tssecurity:S6096","severity":"BLOCKER","component":"SonarSource_sonar-scanner-npm:src/file.ts","project":"SonarSource_sonar-scanner-npm","line":67,"hash":"e92337baddf4c01a9761fc303c2ca691","textRange":{"startLine":67,"endLine":67,"startOffset":28,"endOffset":45},"flows":[{"locations":[{"component":"SonarSource_sonar-scanner-npm:src/file.ts","textRange":{"startLine":67,"endLine":67,"startOffset":28,"endOffset":45},"msg":"Sink: this invocation is not safe; a malicious value can be used as argument","msgFormattings":[]},{"component":"SonarSource_sonar-scanner-npm:src/file.ts","textRange":{"startLine":67,"endLine":67,"startOffset":46,"endOffset":54},"msg":"A malicious value was previously assigned to field ‘filePath’","msgFormattings":[]},{"component":"SonarSource_sonar-scanner-npm:src/file.ts","textRange":{"startLine":62,"endLine":62,"startOffset":14,"endOffset":22},"msg":"A malicious value can be assigned to field ‘filePath’","msgFormattings":[]},{"component":"SonarSource_sonar-scanner-npm:src/file.ts","textRange":{"startLine":62,"endLine":62,"startOffset":50,"endOffset":54},"msg":"Source: a user can craft an archive file with malicious content","msgFormattings":[]}]}],"resolution":"FALSE-POSITIVE","status":"RESOLVED","message":"Change this code to not construct the path from file name entry of an archive.","effort":"30min","debt":"30min","tags":["cwe"],"creationDate":"2024-11-21T15:38:05+0000","updateDate":"2025-08-26T00:06:03+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"BLOCKER"}],"issueStatus":"FALSE_POSITIVE","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"845b31e5-40e2-4803-9eae-4e32ce617abc","rule":"javasecurity:S6549","severity":"MAJOR","component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","project":"sonarqube","line":89,"hash":"d394f87f8fd794d4ca0f6199be693608","textRange":{"startLine":89,"endLine":89,"startOffset":102,"endOffset":116},"flows":[{"locations":[{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","textRange":{"startLine":89,"endLine":89,"startOffset":102,"endOffset":116},"msg":"Sink: this invocation is not safe; a malicious value can be injected into the caller","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","textRange":{"startLine":88,"endLine":88,"startOffset":6,"endOffset":48},"msg":"A malicious value can be assigned to variable ‘input’","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","textRange":{"startLine":88,"endLine":88,"startOffset":19,"endOffset":47},"msg":"This constructor can propagate malicious content to the newly created object","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","textRange":{"startLine":86,"endLine":86,"startOffset":15,"endOffset":30},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","textRange":{"startLine":86,"endLine":86,"startOffset":7,"endOffset":14},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","textRange":{"startLine":56,"endLine":56,"startOffset":18,"endOffset":46},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","textRange":{"startLine":53,"endLine":53,"startOffset":4,"endOffset":53},"msg":"A malicious value can be assigned to variable ‘filename’","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","textRange":{"startLine":53,"endLine":53,"startOffset":22,"endOffset":52},"msg":"Source: a user can craft an HTTP request with malicious content","msgFormattings":[]}]}],"resolution":"FALSE-POSITIVE","status":"RESOLVED","message":"Change this code to not construct the path from user-controlled data.","effort":"30min","debt":"30min","tags":["cwe"],"creationDate":"2023-06-08T20:03:08+0000","updateDate":"2026-03-18T14:49:42+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"TRUSTWORTHY","cleanCodeAttributeCategory":"RESPONSIBLE","impacts":[{"softwareQuality":"SECURITY","severity":"MEDIUM"}],"issueStatus":"FALSE_POSITIVE","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":["taint"],"linkedTicketStatus":"NOT_LINKED"},{"key":"33d50387-170e-445d-860d-cbd83ec69b29","rule":"java:S6437","severity":"BLOCKER","component":"sonarqube:server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierImpl.java","project":"sonarqube","line":91,"hash":"fcf1b34df58e12d2e02613c3ebfafccf","textRange":{"startLine":91,"endLine":91,"startOffset":56,"endOffset":63},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Revoke and change this password, as it is compromised.","effort":"1h","debt":"1h","tags":["cwe"],"creationDate":"2021-03-18T20:08:12+0000","updateDate":"2025-03-19T20:21:00+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"TRUSTWORTHY","cleanCodeAttributeCategory":"RESPONSIBLE","impacts":[{"softwareQuality":"SECURITY","severity":"BLOCKER"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NSvdnEGYw5-dyy92T","rule":"java:S5542","severity":"CRITICAL","component":"sonarqube:sonar-plugin-api-impl/src/main/java/org/sonar/api/config/internal/AesECBCipher.java","project":"sonarqube","line":42,"hash":"90dde6790e4a8cfb264745a7d82e65ce","textRange":{"startLine":42,"endLine":42,"startOffset":67,"endOffset":78},"flows":[{"locations":[{"component":"sonarqube:sonar-plugin-api-impl/src/main/java/org/sonar/api/config/internal/AesECBCipher.java","textRange":{"startLine":33,"endLine":33,"startOffset":2,"endOffset":50},"msg":"Transformation definition","msgFormattings":[]}]}],"resolution":"WONTFIX","status":"RESOLVED","message":"Use a secure padding scheme.","effort":"20min","debt":"20min","tags":["cwe","owasp-a3","owasp-a6","owasp-m5","privacy","sans-top25-porous"],"creationDate":"2021-02-17T20:07:15+0000","updateDate":"2023-09-25T20:50:10+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"TRUSTWORTHY","cleanCodeAttributeCategory":"RESPONSIBLE","impacts":[{"softwareQuality":"SECURITY","severity":"HIGH"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NSvdnEGYw5-dyy92U","rule":"java:S5542","severity":"CRITICAL","component":"sonarqube:sonar-plugin-api-impl/src/main/java/org/sonar/api/config/internal/AesECBCipher.java","project":"sonarqube","line":56,"hash":"90dde6790e4a8cfb264745a7d82e65ce","textRange":{"startLine":56,"endLine":56,"startOffset":67,"endOffset":78},"flows":[{"locations":[{"component":"sonarqube:sonar-plugin-api-impl/src/main/java/org/sonar/api/config/internal/AesECBCipher.java","textRange":{"startLine":33,"endLine":33,"startOffset":2,"endOffset":50},"msg":"Transformation definition","msgFormattings":[]}]}],"resolution":"WONTFIX","status":"RESOLVED","message":"Use a secure padding scheme.","effort":"20min","debt":"20min","tags":["cwe","owasp-a3","owasp-a6","owasp-m5","privacy","sans-top25-porous"],"creationDate":"2021-02-17T20:07:15+0000","updateDate":"2023-09-25T20:50:10+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"TRUSTWORTHY","cleanCodeAttributeCategory":"RESPONSIBLE","impacts":[{"softwareQuality":"SECURITY","severity":"HIGH"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"29549f5d-d9a6-4a62-9b61-aac44b31231b","rule":"javasecurity:S2083","severity":"BLOCKER","component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","project":"sonarqube","line":57,"hash":"98087c3bd73a7f4595ba116c805f9561","textRange":{"startLine":57,"endLine":57,"startOffset":6,"endOffset":58},"flows":[{"locations":[{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","textRange":{"startLine":57,"endLine":57,"startOffset":6,"endOffset":58},"msg":"Sink: this invocation is not safe; a malicious value can be used as argument","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","textRange":{"startLine":56,"endLine":56,"startOffset":6,"endOffset":47},"msg":"A malicious value can be assigned to variable ‘file’","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","textRange":{"startLine":56,"endLine":56,"startOffset":18,"endOffset":46},"msg":"This invocation can propagate malicious content to its return value","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","textRange":{"startLine":88,"endLine":88,"startOffset":6,"endOffset":48},"msg":"A malicious value can be assigned to variable ‘input’","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","textRange":{"startLine":88,"endLine":88,"startOffset":19,"endOffset":47},"msg":"This constructor can propagate malicious content to the newly created object","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","textRange":{"startLine":86,"endLine":86,"startOffset":15,"endOffset":30},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","textRange":{"startLine":53,"endLine":53,"startOffset":4,"endOffset":53},"msg":"A malicious value can be assigned to variable ‘filename’","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","textRange":{"startLine":53,"endLine":53,"startOffset":22,"endOffset":52},"msg":"Source: a user can craft an HTTP request with malicious content","msgFormattings":[]}]}],"resolution":"FALSE-POSITIVE","status":"RESOLVED","message":"Change this code to not construct the path from user-controlled data.","effort":"30min","debt":"30min","tags":["cwe"],"creationDate":"2017-02-02T16:05:26+0000","updateDate":"2026-03-18T14:49:42+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"BLOCKER"}],"issueStatus":"FALSE_POSITIVE","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":["taint"],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NSuCnEGYw5-dyy9hL","rule":"java:S1181","severity":"MAJOR","component":"sonarqube:server/sonar-ce/src/main/java/org/sonar/ce/app/CeServer.java","project":"sonarqube","line":167,"hash":"0325224bb45891ffbfad721ffec46148","textRange":{"startLine":167,"endLine":167,"startOffset":15,"endOffset":24},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Catch Exception instead of Throwable.","effort":"20min","debt":"20min","tags":["bad-practice","cert","cwe","error-handling"],"creationDate":"2016-03-21T15:44:03+0000","updateDate":"2025-07-08T20:21:31+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"CONVENTIONAL","cleanCodeAttributeCategory":"CONSISTENT","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NSuCnEGYw5-dyy9hM","rule":"java:S1181","severity":"MAJOR","component":"sonarqube:server/sonar-ce/src/main/java/org/sonar/ce/app/CeServer.java","project":"sonarqube","line":184,"hash":"0325224bb45891ffbfad721ffec46148","textRange":{"startLine":184,"endLine":184,"startOffset":15,"endOffset":24},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Catch Exception instead of Throwable.","effort":"20min","debt":"20min","tags":["bad-practice","cert","cwe","error-handling"],"creationDate":"2016-03-21T15:44:03+0000","updateDate":"2025-07-08T20:21:31+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"CONVENTIONAL","cleanCodeAttributeCategory":"CONSISTENT","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NSsflEGYw5-dyy9Ri","rule":"java:S1874","severity":"MINOR","component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java","project":"sonarqube","line":283,"hash":"20d6005eceaffb042d1ae2197913bc54","textRange":{"startLine":283,"endLine":283,"startOffset":42,"endOffset":73},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Remove this use of \"FIELD_DEFAULT_DEBT_REM_FUNCTION\"; it is deprecated.","effort":"15min","debt":"15min","tags":["cert","cwe","obsolete"],"creationDate":"2016-03-16T11:44:04+0000","updateDate":"2025-07-08T20:21:31+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"CONVENTIONAL","cleanCodeAttributeCategory":"CONSISTENT","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"LOW"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NSsflEGYw5-dyy9Rj","rule":"java:S1874","severity":"MINOR","component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java","project":"sonarqube","line":305,"hash":"f94d9886441469d16e7a371faacd1d9a","textRange":{"startLine":305,"endLine":305,"startOffset":42,"endOffset":65},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Remove this use of \"FIELD_DEBT_REM_FUNCTION\"; it is deprecated.","effort":"15min","debt":"15min","tags":["cert","cwe","obsolete"],"creationDate":"2016-03-16T11:44:04+0000","updateDate":"2025-07-08T20:21:31+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"CONVENTIONAL","cleanCodeAttributeCategory":"CONSISTENT","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"LOW"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AVMeeEW0pNJTF0UILA0v","rule":"java:S1874","severity":"MINOR","component":"org.jenkins-ci.plugins:sonar:src/main/java/hudson/plugins/sonar/utils/SonarUtils.java","project":"org.jenkins-ci.plugins:sonar","line":90,"hash":"8e8365c824b22a416766d839ea9e6769","textRange":{"startLine":90,"endLine":90,"startOffset":31,"endOffset":41},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Remove this use of \"getActions\"; it is deprecated.","effort":"15min","debt":"15min","tags":["cwe","obsolete","owasp-a9"],"creationDate":"2016-02-26T16:44:45+0000","updateDate":"2025-07-09T00:55:16+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"CONVENTIONAL","cleanCodeAttributeCategory":"CONSISTENT","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"LOW"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AVMdERDYpNJTF0UIK53d","rule":"java:S1874","severity":"MINOR","component":"org.jenkins-ci.plugins:sonar:src/main/java/hudson/plugins/sonar/utils/SonarUtils.java","project":"org.jenkins-ci.plugins:sonar","line":76,"hash":"8e8365c824b22a416766d839ea9e6769","textRange":{"startLine":76,"endLine":76,"startOffset":31,"endOffset":41},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Remove this use of \"getActions\"; it is deprecated.","effort":"15min","debt":"15min","tags":["cwe","obsolete","owasp-a9"],"creationDate":"2016-02-26T10:12:12+0000","updateDate":"2025-07-09T00:55:16+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"CONVENTIONAL","cleanCodeAttributeCategory":"CONSISTENT","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"LOW"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NSuBOEGYw5-dyy9hF","rule":"java:S1181","severity":"MAJOR","component":"sonarqube:server/sonar-ce/src/main/java/org/sonar/ce/taskprocessor/CeWorkerImpl.java","project":"sonarqube","line":221,"hash":"0325224bb45891ffbfad721ffec46148","textRange":{"startLine":221,"endLine":221,"startOffset":15,"endOffset":24},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Catch Exception instead of Throwable.","effort":"20min","debt":"20min","tags":["bad-practice","cert","cwe","error-handling"],"creationDate":"2015-09-28T10:22:13+0000","updateDate":"2025-07-08T20:21:31+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"CONVENTIONAL","cleanCodeAttributeCategory":"CONSISTENT","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NStCgEGYw5-dyy9Yz","rule":"javasecurity:S2631","severity":"CRITICAL","component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java","project":"sonarqube","line":78,"hash":"970476a7a3cd93553cd764bcb728b265","textRange":{"startLine":78,"endLine":78,"startOffset":6,"endOffset":37},"flows":[{"locations":[{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java","textRange":{"startLine":78,"endLine":78,"startOffset":6,"endOffset":37},"msg":"Sink: this invocation is not safe; a malicious value can be used as argument","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java","textRange":{"startLine":72,"endLine":72,"startOffset":61,"endOffset":75},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java","textRange":{"startLine":72,"endLine":72,"startOffset":44,"endOffset":53},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java","textRange":{"startLine":72,"endLine":72,"startOffset":44,"endOffset":75},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java","textRange":{"startLine":72,"endLine":72,"startOffset":21,"endOffset":43},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":104,"endLine":104,"startOffset":6,"endOffset":77},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":104,"endLine":104,"startOffset":46,"endOffset":76},"msg":"This invocation can propagate malicious content to its return value","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":99,"endLine":99,"startOffset":44,"endOffset":73},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":99,"endLine":99,"startOffset":35,"endOffset":43},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":95,"endLine":95,"startOffset":56,"endOffset":100},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":95,"endLine":95,"startOffset":65,"endOffset":99},"msg":"This invocation can propagate malicious content to its return value","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":63,"endLine":66,"startOffset":11,"endOffset":69},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":161,"endLine":161,"startOffset":6,"endOffset":48},"msg":"A malicious value can be assigned to the field ‘projectKeyPattern‘","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":160,"endLine":160,"startOffset":71,"endOffset":88},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":160,"endLine":160,"startOffset":54,"endOffset":63},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":160,"endLine":160,"startOffset":54,"endOffset":88},"msg":"This instruction can propagate malicious content","msgFormattings":[]},{"component":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","textRange":{"startLine":66,"endLine":66,"startOffset":28,"endOffset":68},"msg":"Source: a user can craft an HTTP request with malicious content","msgFormattings":[]}]}],"resolution":"WONTFIX","status":"RESOLVED","message":"Change this code to not construct the regular expression from user-controlled data.","effort":"1h","debt":"1h","tags":["cwe","denial-of-service","owasp-a1"],"creationDate":"2015-08-27T07:45:49+0000","updateDate":"2026-03-18T14:49:42+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"EFFICIENT","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"SECURITY","severity":"HIGH"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":["taint"],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NSt55EGYw5-dyy9gV","rule":"java:S112","severity":"MAJOR","component":"sonarqube:server/sonar-db-profiling/src/main/java/org/sonar/db/profiling/InvocationUtils.java","project":"sonarqube","line":31,"hash":"a25f8f095c882d59a46ae4ba36de0b61","textRange":{"startLine":31,"endLine":31,"startOffset":84,"endOffset":93},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Replace generic exceptions with specific library exceptions or a custom exception.","effort":"20min","debt":"20min","tags":["cert","cwe","error-handling"],"creationDate":"2015-07-04T15:00:08+0000","updateDate":"2026-02-17T20:34:29+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NSvryEGYw5-dyy956","rule":"java:S112","severity":"MAJOR","component":"sonarqube:sonar-core/src/main/java/org/sonar/core/util/CloseableIterator.java","project":"sonarqube","line":151,"hash":"a86d64ca9f37825c97e32322f8d833df","textRange":{"startLine":151,"endLine":151,"startOffset":43,"endOffset":52},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Replace generic exceptions with specific library exceptions or a custom exception.","effort":"20min","debt":"20min","tags":["cert","cwe","error-handling"],"creationDate":"2015-01-20T12:27:35+0000","updateDate":"2025-10-01T20:22:03+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"MAINTAINABILITY","severity":"MEDIUM"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"},{"key":"AX8NSv3nEGYw5-dyy98D","rule":"java:S899","severity":"MINOR","component":"sonarqube:sonar-testing-harness/src/main/java/org/sonar/test/i18n/BundleSynchronizedMatcher.java","project":"sonarqube","line":119,"hash":"770165af24ff84501026eb0b4e8f39b8","textRange":{"startLine":119,"endLine":119,"startOffset":6,"endOffset":24},"flows":[],"resolution":"WONTFIX","status":"RESOLVED","message":"Do something with the \"boolean\" value returned by \"delete\".","effort":"15min","debt":"15min","tags":["cert","cwe","error-handling"],"creationDate":"2011-09-02T16:03:38+0000","updateDate":"2023-09-25T20:50:10+0000","type":"VULNERABILITY","scope":"MAIN","quickFixAvailable":false,"messageFormattings":[],"codeVariants":[],"cleanCodeAttribute":"COMPLETE","cleanCodeAttributeCategory":"INTENTIONAL","impacts":[{"softwareQuality":"RELIABILITY","severity":"LOW"}],"issueStatus":"ACCEPTED","prioritizedRule":false,"fromSonarQubeUpdate":false,"internalTags":[],"linkedTicketStatus":"NOT_LINKED"}],"components":[{"key":"sonarqube:sonar-testing-harness/src/main/java/org/sonar/test/i18n/BundleSynchronizedMatcher.java","enabled":true,"qualifier":"FIL","name":"BundleSynchronizedMatcher.java","longName":"sonar-testing-harness/src/main/java/org/sonar/test/i18n/BundleSynchronizedMatcher.java","path":"sonar-testing-harness/src/main/java/org/sonar/test/i18n/BundleSynchronizedMatcher.java"},{"key":"rspec-tools:rspec_tools/coverage.py","enabled":true,"qualifier":"FIL","name":"coverage.py","longName":"rspec_tools/coverage.py","path":"rspec_tools/coverage.py"},{"key":"SonarSource_sonar-iac:iac-extensions/jvm-framework-config/src/main/java/org/sonar/iac/jvmframeworkconfig/checks/common/AbstractHardcodedSecrets.java","enabled":true,"qualifier":"FIL","name":"AbstractHardcodedSecrets.java","longName":"iac-extensions/jvm-framework-config/src/main/java/org/sonar/iac/jvmframeworkconfig/checks/common/AbstractHardcodedSecrets.java","path":"iac-extensions/jvm-framework-config/src/main/java/org/sonar/iac/jvmframeworkconfig/checks/common/AbstractHardcodedSecrets.java"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/non-default-security-context-values.yaml","enabled":true,"qualifier":"FIL","name":"non-default-security-context-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube/non-default-security-context-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube/non-default-security-context-values.yaml"},{"key":"rspec-tools:rspec_tools/create_rule.py","enabled":true,"qualifier":"FIL","name":"create_rule.py","longName":"rspec_tools/create_rule.py","path":"rspec_tools/create_rule.py"},{"key":"SonarSource_sonar-iac","enabled":true,"qualifier":"TRK","name":"SonarIaC","longName":"SonarIaC"},{"key":"rspec-tools:rspec_tools/utils.py","enabled":true,"qualifier":"FIL","name":"utils.py","longName":"rspec_tools/utils.py","path":"rspec_tools/utils.py"},{"key":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","enabled":true,"qualifier":"FIL","name":"CreateTemplateAction.java","longName":"server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java","path":"server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/ws/template/CreateTemplateAction.java"},{"key":"SonarSource_helm-chart-sonarqube","enabled":true,"qualifier":"TRK","name":"helm-chart-sonarqube","longName":"helm-chart-sonarqube"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/serviceaccount-values.yaml","enabled":true,"qualifier":"FIL","name":"serviceaccount-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube/serviceaccount-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube/serviceaccount-values.yaml"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/change-admin-password-hook-values.yaml","enabled":true,"qualifier":"FIL","name":"change-admin-password-hook-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube-dce/change-admin-password-hook-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube-dce/change-admin-password-hook-values.yaml"},{"key":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","enabled":true,"qualifier":"FIL","name":"BatchIndex.java","longName":"server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java","path":"server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java"},{"key":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java","enabled":true,"qualifier":"FIL","name":"RuleMapper.java","longName":"server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java","path":"server/sonar-webserver-webapi/src/main/java/org/sonar/server/rule/ws/RuleMapper.java"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/sonar-web-context-deprecated-values.yaml","enabled":true,"qualifier":"FIL","name":"sonar-web-context-deprecated-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube-dce/sonar-web-context-deprecated-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube-dce/sonar-web-context-deprecated-values.yaml"},{"key":"rspec-tools:rspec_tools/repo.py","enabled":true,"qualifier":"FIL","name":"repo.py","longName":"rspec_tools/repo.py","path":"rspec_tools/repo.py"},{"key":"org.sonarsource.python:python","enabled":true,"qualifier":"TRK","name":"Python Enterprise","longName":"Python Enterprise"},{"key":"sonarqube:server/sonar-ce/src/main/java/org/sonar/ce/taskprocessor/CeWorkerImpl.java","enabled":true,"qualifier":"FIL","name":"CeWorkerImpl.java","longName":"server/sonar-ce/src/main/java/org/sonar/ce/taskprocessor/CeWorkerImpl.java","path":"server/sonar-ce/src/main/java/org/sonar/ce/taskprocessor/CeWorkerImpl.java"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/sonar-web-context-values.yaml","enabled":true,"qualifier":"FIL","name":"sonar-web-context-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube-dce/sonar-web-context-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube-dce/sonar-web-context-values.yaml"},{"key":"org.jenkins-ci.plugins:sonar:src/main/java/hudson/plugins/sonar/utils/SonarUtils.java","enabled":true,"qualifier":"FIL","name":"SonarUtils.java","longName":"src/main/java/hudson/plugins/sonar/utils/SonarUtils.java","path":"src/main/java/hudson/plugins/sonar/utils/SonarUtils.java"},{"key":"sonarqube:server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierImpl.java","enabled":true,"qualifier":"FIL","name":"DefaultAdminCredentialsVerifierImpl.java","longName":"server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierImpl.java","path":"server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVerifierImpl.java"},{"key":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","enabled":true,"qualifier":"FIL","name":"FileAction.java","longName":"server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java","path":"server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/FileAction.java"},{"key":"SonarSource_sonarqube-mcp-server:src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsClient.java","enabled":true,"qualifier":"FIL","name":"AnalyticsClient.java","longName":"src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsClient.java","path":"src/main/java/org/sonarsource/sonarqube/mcp/analytics/AnalyticsClient.java"},{"key":"SonarSource_sonar-scanner-npm","enabled":true,"qualifier":"TRK","name":"SonarScanner for NPM","longName":"SonarScanner for NPM"},{"key":"sonarqube:server/sonar-ce/src/main/java/org/sonar/ce/app/CeServer.java","enabled":true,"qualifier":"FIL","name":"CeServer.java","longName":"server/sonar-ce/src/main/java/org/sonar/ce/app/CeServer.java","path":"server/sonar-ce/src/main/java/org/sonar/ce/app/CeServer.java"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-deployment-deprecated-values.yaml","enabled":true,"qualifier":"FIL","name":"sonar-web-context-deployment-deprecated-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-deployment-deprecated-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-deployment-deprecated-values.yaml"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/ingress-with-controller.yaml","enabled":true,"qualifier":"FIL","name":"ingress-with-controller.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube/ingress-with-controller.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube/ingress-with-controller.yaml"},{"key":"sonarqube:sonar-plugin-api-impl/src/main/java/org/sonar/api/config/internal/AesECBCipher.java","enabled":true,"qualifier":"FIL","name":"AesECBCipher.java","longName":"sonar-plugin-api-impl/src/main/java/org/sonar/api/config/internal/AesECBCipher.java","path":"sonar-plugin-api-impl/src/main/java/org/sonar/api/config/internal/AesECBCipher.java"},{"key":"org.sonarsource.python:python:.github/actions/setup-orchestrator-cache/action.yml","enabled":true,"qualifier":"FIL","name":"action.yml","longName":".github/actions/setup-orchestrator-cache/action.yml","path":".github/actions/setup-orchestrator-cache/action.yml"},{"key":"sonarqube","enabled":true,"qualifier":"TRK","name":"SonarQube","longName":"SonarQube"},{"key":"SonarSource_sonarqube-mcp-server","enabled":true,"qualifier":"TRK","name":"SonarQube MCP Server","longName":"SonarQube MCP Server"},{"key":"SonarSource_helm-chart-sonarqube:.github/workflows/release.yml","enabled":true,"qualifier":"FIL","name":"release.yml","longName":".github/workflows/release.yml","path":".github/workflows/release.yml"},{"key":"sonarqube:sonar-core/src/main/java/org/sonar/core/util/CloseableIterator.java","enabled":true,"qualifier":"FIL","name":"CloseableIterator.java","longName":"sonar-core/src/main/java/org/sonar/core/util/CloseableIterator.java","path":"sonar-core/src/main/java/org/sonar/core/util/CloseableIterator.java"},{"key":"rspec-tools","enabled":true,"qualifier":"TRK","name":"rspec-tools","longName":"rspec-tools"},{"key":"SonarSource_sonar-scanner-npm:src/file.ts","enabled":true,"qualifier":"FIL","name":"file.ts","longName":"src/file.ts","path":"src/file.ts"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-values.yaml","enabled":true,"qualifier":"FIL","name":"sonar-web-context-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-values.yaml"},{"key":"org.jenkins-ci.plugins:sonar","enabled":true,"qualifier":"TRK","name":"SonarQube Scanner for Jenkins","longName":"SonarQube Scanner for Jenkins"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/ingress-with-controller.yaml","enabled":true,"qualifier":"FIL","name":"ingress-with-controller.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube-dce/ingress-with-controller.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube-dce/ingress-with-controller.yaml"},{"key":"sonarqube:server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java","enabled":true,"qualifier":"FIL","name":"RequestValidator.java","longName":"server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java","path":"server/sonar-webserver-webapi/src/main/java/org/sonar/server/permission/RequestValidator.java"},{"key":"sonarqube:server/sonar-db-profiling/src/main/java/org/sonar/db/profiling/InvocationUtils.java","enabled":true,"qualifier":"FIL","name":"InvocationUtils.java","longName":"server/sonar-db-profiling/src/main/java/org/sonar/db/profiling/InvocationUtils.java","path":"server/sonar-db-profiling/src/main/java/org/sonar/db/profiling/InvocationUtils.java"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-sts-deprecated-values.yaml","enabled":true,"qualifier":"FIL","name":"sonar-web-context-sts-deprecated-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-sts-deprecated-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube/sonar-web-context-sts-deprecated-values.yaml"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/change-admin-password-hook-values.yaml","enabled":true,"qualifier":"FIL","name":"change-admin-password-hook-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube/change-admin-password-hook-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube/change-admin-password-hook-values.yaml"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube-dce/secret-values.yaml","enabled":true,"qualifier":"FIL","name":"secret-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube-dce/secret-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube-dce/secret-values.yaml"},{"key":"SonarSource_helm-chart-sonarqube:tests/unit-compatibility-test/fixtures/sonarqube/secret-values.yaml","enabled":true,"qualifier":"FIL","name":"secret-values.yaml","longName":"tests/unit-compatibility-test/fixtures/sonarqube/secret-values.yaml","path":"tests/unit-compatibility-test/fixtures/sonarqube/secret-values.yaml"}],"facets":[]}