Finding which rule is associated with a security hotspot

If I go to the issues page in my local sonarqube install (, I see code smells. When I click on “why is this an issue?” for a given code smell, I see the “S-code” associated with the rule that was triggered. However, is not the case when I select one of the security hotspots. I am told what is the issue, and can review it, but I am not told the rule s-number so I can track it down on

Am I missing something?

Hey there.

You’re not missing anything – SONAR-13509 is a ticket you can track where the aim is to expose the Rule ID and a link to the rule.

In the meantime, you can filter down to Security Hotspots in the Rules tab of your SonarQube instance and make an educated guess.

In what context are you usually doing this? To send a link to a colleague, have more details, …?