Can't view security hotspots

no errors presents in the any log files

can you please help ?


Welcome to the community, and thanks for this report.

Can you share what languages are in this project, and also any 3rd-party plugins you’ve installed?


  • PHP language
  • only plugins from the marketplace


Plugins from the marketplace are not all maintained by SonarSource and a lot of them are contributed by the community. It is possible that one of them is not feeding the expected data since the Security Hotspots UI is new.

Do you reproduce the problem with a vanilla SonarQube CE instance downloaded from

In all cases, sharing your System Info file with the list of plugins installed would help:

Would you also be able to share a link to a project we could analyze to reproduce the problem?


i’ve attached the system info file as requested

sonarqube-support-info-1AD9A096-AXOZMX6-oeYvHxIODRcK-2020-8-20-10-36.json (25.6 KB)

is there a way to identify which plugin that is causing issues ?

I suggest that you remove the “ansible”: “2.3.0 [Ansible Lint]” plugin that is the only analyzer/plugin not provided by SonarSource, restart SQ and re-analyze your project to see if this is the root cause of the problem.

I’ve removed the ansible plugin and analysed the project again but still the same error


The Ansible Plugin is not the root cause. The problem is coming from a missing line information one Security Hotspots raised on .ini files.
As a temporary workaround, I suggest that you exclude .ini files from the scope of your analysis and you should be able to access the Security Hotspots page.


ok , but is it something that will be fixed in upcoming sonarqube release or what ?

Yes, I confirm this is something we want to fix. What I shared with you is a temporary workaround to unlock you.


Here is the ticket to follow the resolution of this problem:


I have seen something similar when I tried to import OWASP reports from the Dependency Check plugin.
The root cause in this case was that the violation pointed to a source file that was not included among “sonar.sources”. In my case the build.gradle files.

For me it worked after changing:

property "sonar.sources", "src/main"


property "sonar.sources", "src/main,build.gradle"