- ALM used: GitHub
- CI system used: GitHub Actions
- Scanner command used when applicable: instructions (guided wizard) under SonarCloud
- Languages of the repository: C# and HCL
- Only if the SonarCloud project is public, the URL: GitHub - rufer7/github-sonarcloud-integration: Scan and analyze GitHub repository with SonarCloud
- Error observed: after switching from automatic analysis to CI-based analysis, GitHub scanning alerts (under Security tab of the repo) are not updated even if the SonarCloud project is properly bound to the GitHub repository
- Steps to reproduce:
- Push change to default branch (develop)
- GitHub action executes automatically and succeeds
- Security hotspots are not synced to GitHub code scanning alerts
Or am I wrong and only the findings listed under security in SonarCloud are synced with GitHub code scanning alerts?