Skip to content

MCP-221 Introduce new tools for Security Hotspot #205

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
nquinquenel wants to merge 2 commits into
base: master
Choose a base branch
from
Open

MCP-221 Introduce new tools for Security Hotspot #205

nquinquenel wants to merge 2 commits into from
+1,853 −18

Conversation

@nquinquenel
Copy link
Member

@nquinquenel nquinquenel commented Feb 10, 2026
edited
Loading

image image

@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Feb 10, 2026
edited by atlassian bot
Loading

MCP-221

@nquinquenel nquinquenel force-pushed the feature/nq/MCP-221-tool-security-hotspot branch from 0844d5a to 3c97ffe Compare February 11, 2026 15:45
@nquinquenel nquinquenel marked this pull request as ready for review February 11, 2026 17:57
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 11, 2026

SonarQube reviewer guide

Review in SonarQube

Summary: Add Security Hotspots toolset with three new tools to search, view details, and manage Security Hotspot review status in SonarQube projects.

Review Focus:

  • The HotspotsApi class handles API communication with proper parameter building and URL encoding
  • Validation logic in ChangeSecurityHotspotStatusTool ensures resolution is required for REVIEWED status and forbidden for TO_REVIEW
  • Response mapping from API responses to tool responses maintains data integrity through nested record transformations
  • Comprehensive test coverage validates both SonarQube Cloud and Server scenarios with proper error handling

Start review at: src/main/java/org/sonarsource/sonarqube/mcp/serverapi/hotspots/HotspotsApi.java. This is the core API integration layer that all tools depend on, and its correctness directly impacts search, show, and status change functionality.

💬 Please send your feedback

Quality Gate Passed Quality Gate passed

Issues
0 New issues
3 Accepted issues
0 Dependency risks

Measures
0 Security Hotspots
84.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eray-felek-sonarsource eray-felek-sonarsource Awaiting requested review from eray-felek-sonarsource

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nquinquenel