I scanned a project in which I intentionally wrote buggy code according to the rules I selected.
After the scan, only code duplications are reported. Other violations are not reported.
For info my quality profile is SonarWay+All MISRA rules
I solved the issue. We are using CMake to build, and we wrongly run the build wrapper for the CMake configure step instead of the build step.
What is really misleading is that the Sonar Web UI shows that it scanned all our files, which is clearly not the case because the configure step consists only of compiler detection programs provided by CMake.
We has to look into the json dump of the build wrapper to figure out that it did not grab our files.