Dash on Security Report

Can someone please help me with why there’s a dash - on the security report output? What does this indicate?

Hello @sonarguy,

The dash on the Security Report page means: there is no Security rule corresponding to that specific CWE available in this SonarQube instance, so it means nothing was checked for this specific CWE.

I was surprised to see nothing for CWE-416 for example, and then I remembered that it’s because the C++ rule S3529 corresponding to CWE-416 is qualified as a Bug issue, not a Vulnerability one, this is why you have a dash.

Regards
Alex