Hi,
Again, Security Hotspots aren’t synched in PRs / MRs.
However,
If you’re seeing these Security Hotspots raised in an MR on unchanged code, then that implies a problem with the SCM data that’s available to analysis, and that problem probably shows up the analysis log.
Can you make sure the prerequisites are in place?
And if so, and these Security Hotspots on untouched code still show up, then can you share your analysis log?
The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.
This guide will help you find them.
Thx,
Ann