Hoping to get some assistance on what seems to be a fairly straightforward issue.
I am trying to enforce some of my Quality Profile rules in Visual Studio through the Sonar Analyzers provided by the SonarAnalyzer.CSharp NuGet. To get the actual ruleset XML, I use the SonarLint for Visual Studio Rule Set exporter option in the SonarQube UI, and just point to it locally through my project configuration. Everything seems to work fine. However, I noticed that the rules that come from the roslyn.sonaranalyzer.security.cs repo are excluded by default from the actual XML export above. Upon further research, I see they are also excluded from the SonarAnalyzer.CSharp Analyzer.
On the other hand, if I try and use the Technical exporter for the MSBuild SonarQube Scanner exporter, I see it listed under a different Analyzer, SonarAnalyzer.Security, seemingly included in a NuGet by the same name. I can’t, however, seem to find that NuGet and so cannot seem to make use of that Analyzer and by extension, of the rules that it includes.
Any guidance here please?