Description
Is your feature request related to a problem? Please describe.
I just started using this plugin and configured it to use the Security Hotspot feature of SonarQube.
However, since the plugin writes everything in the issue's title, this makes it impossible for us to correctly review those reports.
Also, at least for the Maven version, all the created issues are linked to the first line of pom.xml instead of being linked to the correct line.
Describe the solution you'd like
Given the following hotspot in my project
Filename: keycloak-core-4.8.0.Final.jar | Reference: CVE-2019-3868 | CVSS Score: 3.8 | Category: CWE-200 | Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session.
- Review priority should be based on CVSS score
- Category should be either the CVE or the CWE (or maybe a new category for dependencies only)
- Title could be something like filename [reference] instead of the full report content
- The part after category should be added as the description instead of being in the title
- In the description, a link to the reported CVE should be added (linking only to CWE-937 defeats the purpose of the tool as we're missing the details for the real issue)
The goal is to make everything easier to navigate, especially when you have a big number of active issues.
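As an added illustration of the requested layout (example code, not the plugin's own), the snippet below parses the hotspot text format quoted above and derives the short title, a CVSS-based review priority and a link for the reference; the CVSS bands and the NVD/MITRE link targets are assumptions.

```python
import re

# Constructed sample input: the hotspot text quoted in this issue.
SAMPLE = ("Filename: keycloak-core-4.8.0.Final.jar | Reference: CVE-2019-3868 | "
          "CVSS Score: 3.8 | Category: CWE-200 | Keycloak up to version 6.0.0 allows "
          "the end user token (access or id token JWT) to be used as the session cookie "
          "for browser sessions for OIDC. As a result an attacker with access to service "
          "provider backend could hijack user's browser session.")

_FIELD = re.compile(r"^(Filename|Reference|CVSS Score|Category): (.+)$")

def parse_hotspot(text: str) -> dict:
    """Split the '|'-separated hotspot title into its labelled fields.
    The trailing free text may itself contain ' | ', so only the first four
    segments are treated as labelled fields; the remainder is the description."""
    parts = [p.strip() for p in text.split(" | ", 4)]
    if len(parts) != 5:
        raise ValueError("unexpected hotspot format: fewer than five segments")
    fields = {}
    for seg in parts[:4]:
        m = _FIELD.match(seg)
        if not m:
            raise ValueError(f"unlabelled segment: {seg!r}")
        fields[m.group(1)] = m.group(2)
    fields["CVSS Score"] = float(fields["CVSS Score"])
    fields["Description"] = parts[4]
    return fields

def review_priority(cvss: float) -> str:
    # Assumed mapping onto HIGH/MEDIUM/LOW using the CVSS v3 qualitative
    # bands: 7.0 and above High, 4.0 to 6.9 Medium, below 4.0 Low.
    if cvss >= 7.0:
        return "HIGH"
    return "MEDIUM" if cvss >= 4.0 else "LOW"

def reference_url(ref: str) -> str:
    # Assumed link targets: NVD for CVE ids, MITRE for CWE ids.
    if ref.upper().startswith("CVE-"):
        return f"https://nvd.nist.gov/vuln/detail/{ref}"
    if ref.upper().startswith("CWE-"):
        return f"https://cwe.mitre.org/data/definitions/{ref[4:]}.html"
    return ref

def to_issue(text: str) -> dict:
    """Short title, CVSS-based priority, category, report text plus CVE link."""
    h = parse_hotspot(text)
    return {"title": f"{h['Filename']} [{h['Reference']}]",
            "priority": review_priority(h["CVSS Score"]),
            "category": h["Category"],
            "description": f"{h['Description']}\n\nSee {reference_url(h['Reference'])}"}
```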