Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): 8.9.6
- what are you trying to achieve: Security Vulnerability Notification on scanning
- what have you tried so far to achieve this
You’ll have to provide some more details. What notification did you receive, and what is the discrepancy? Additional information like screenshots is invaluable here.
We have email notifications enabled in SonarQube, which basically show the number of bugs, vulnerabilities and code smells identified in the scan. This email notification had the vulnerability count as 0; however, one security vulnerability was identified in the sonar scan. The vulnerability is "XML parsers should not be vulnerable to XXE attacks".
Can you share a screenshot of the e-mail notification, and of your project dashboard showing conflicting information?
In this screenshot, the vulnerability count is shown as 0, but after this scan the vulnerability count in the dashboard is 1.