Hello,
Not too long ago I was able to get help on an issue and learned that in React you have to explicitly import components WITH their extensions for a security scan to run. This is important for Sonar to see that a piece of code is running and therefore it should run security tests on it. However, I’m finding even this fix to be inconsistent. Sonar is still missing security issues when I run the sonar-scanner on my react code base.
The only security issues being found are those at the top most parent level. Anything deeper is being ignored (Code quality tests are working fine)
Here’s the original issue that was resolved for context