SPCAF Results Severity Mappings in SonarQube

Once you have performed your analysis in SonarQube, you will have the results, which show the severity of any issues found in your project. Below is a table of what those severities mean in SonarQube.

Severity   Description
Blocker    Operational/security risk: This issue might make the whole application unstable in production. Ex: calling garbage collector, not closing a socket, etc.
Critical   Operational/security risk: This issue might lead to an unexpected behavior in production without impacting the integrity of the whole application. Ex: NullPointerException, badly caught exceptions, lack of unit tests, etc.
Major      This issue might have a substantial impact on productivity. Ex: too complex methods, package cycles, etc.
Minor      This issue might have a potential and minor impact on productivity. Ex: naming conventions, Finalizer does nothing but call superclass finalizer, etc.
Info       Unknown or not yet well defined security risk or impact on productivity.

So how do these severity levels in SonarQube map to those of SPCAF?

As both systems have the same number of severity levels, the mapping is straightforward, as you can see in the table below:

SonarQube   SPCAF
Critical    Critical Error
            Error
Major       Critical Warning
Minor       Warning
Info        Information

For a detailed explanation for the SPCAF Severity levels please go to the Knowledge Base article What do the reports mean after the SPCAF analysis?
