Getting familiar with false positives

This section deals with false positives. In general, a static code analysis tool analyzes source code against a set of rules and reports a violation when it finds a matching pattern in the code. However, when we review the reported pattern and find that the violation is not valid in its context, the reported violation is a false positive.

Static analysis tools report violations, but we still have to filter for the correct rule sets and remove the rules that produce false positives. The SonarQube manual code review feature enables you to review code, add comments, and flag violations as false positives. The following Sonar URL describes how to review violations and flag them as false positives: http://www.sonarqube.org/sonar-2-8-in-screenshots/.
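
The following is an added example, not code from the book and not a description of how SonarQube works internally. It runs one hypothetical pattern rule over constructed Java source, where the rule matches both a real hard-coded secret and a harmless form-field name, and a reviewer's false-positive flag removes only the latter. The rule name, the pattern, and the sample class are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed Java source, embedded so the example runs offline.
SAMPLE = '''\
public class LoginForm {
    static final String PASSWORD_FIELD = "password";
    static final String DB_PASSWORD = "s3cr3t-Pr0d!";
    String label = "Enter password";
}
'''

# Hypothetical rule: a string literal assigned to an identifier containing "password".
RULE_ID = "hardcoded-credential"
PATTERN = re.compile(r'(\w*password\w*)\s*=\s*"([^"]+)"', re.IGNORECASE)


@dataclass(frozen=True)
class Violation:
    rule: str
    line: int
    identifier: str


def scan(source):
    """Report every line the pattern matches; the rule knows nothing about context."""
    found = []
    for number, text in enumerate(source.splitlines(), start=1):
        match = PATTERN.search(text)
        if match:
            found.append(Violation(RULE_ID, number, match.group(1)))
    return found


def apply_review(violations, false_positives):
    """Drop violations a reviewer flagged as false positives, keyed by (rule, identifier)."""
    return [v for v in violations if (v.rule, v.identifier) not in false_positives]


def demo():
    reported = scan(SAMPLE)
    # Reviewer decision: PASSWORD_FIELD holds a form field name, not a secret.
    flagged = {(RULE_ID, "PASSWORD_FIELD")}
    return reported, apply_review(reported, flagged)


if __name__ == "__main__":
    reported, remaining = demo()
    print("reported :", reported)
    print("remaining:", remaining)
```

Keying the flag on the rule and identifier rather than on the line number keeps the review decision valid when unrelated edits shift the line.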
