Using Azure Devops.
Scanner: SonarScanner extension
Note: I am using a separate branch for implementing the sonarcloud steps, the master branch has not yet been scanned or analyzed. (my branch name is branch-sonarcloud, it is a categorized as long living branch)
Most of my dotnet core projects are scanning okay, i can get the coverage and unit tests data in the project, however, All of my projects does not have any data in the vulnerability or security hotspots sections. I’m just wondering if I have missed something? How to I enable this?
from: analyze logs
2021-02-12T03:07:12.1275596Z INFO: Sensor CSharpSecuritySensor [security]
2021-02-12T03:07:12.1276197Z INFO: Reading type hierarchy from: D:\a\1.sonarqube\out\ucfg_cs2
2021-02-12T03:07:12.4286767Z INFO: Read 1248 type definitions
2021-02-12T03:07:12.4884331Z INFO: Reading UCFGs from: D:\a\1.sonarqube\out\ucfg_cs2
2021-02-12T03:07:13.8192536Z INFO: No UCFGs have been included for analysis.
2021-02-12T03:07:13.8544688Z INFO: Sensor CSharpSecuritySensor [security] (done) | time=1780ms
I’ve checked the docs and it doesn’t say anything about extra steps for configuring the vuln and hotspots feature.