I have recently upgraded from SonarQube CE 7.6 to Version CE 7.9.1 and also updated SonarScanner from version 2 to version 3.
I notice on exactly the same (source code) build and scan that some of the Security Vulnerabilities are no longer reported as Security Vulnerabilities, but instead are logged in the Security Hotspots.
I am referring to issues that were deemed as a Blocker and Critical Security Vulnerabilities (in 7.6) are now not flagged as such (in 7.9.1) but are reported as a Security Hotspot.
I was wondering if anyone else had experienced this before and could shed some light on different results. thanks