Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube 126.96.36.199448 SonarScanner 188.8.131.520
- what are you trying to achieve
I tried to run a PHP scan on my code, specifically to look for security warning / hotspots. The analysis run in SonarQube is good and I able to view some warnings in SonarQube.
However, I also tried our SonarCloud at the same time. Using the same code, it seems like SonarCloud are able to report more warning using some extra rules.
For example, please take a look at images below, the one from SonarCloud shows 208 vulnerability rules but I only see 97 rules in SonarQube running locally.
- what have you tried so far to achieve this
I thought it’s because I am using older version of Sonar Scanner with lesser rules. So I tried to upgrade the version of SonarScanner to latest 4.4 but still the same.