Not all security issues graded in report

Scanner CLI version windows
SonarQube version 10.2
Latest build Wrapper

C++ project. Unable to share code.

When I run the sonarscanner everything seems to work, but the security report is only showing partial grading. See attachment. I’m not sure why all the items aren’t being graded. It’s like this for all the report types. I’ve tried googling the issue but I’m not finding anything. I would like to know what code causes this.

cmd line arguments I use to run the sonarscanner

%sonarScannerMsBuildExePath% -Dbegin -X -Dsonar.projectName="XXXX" -Dsonar.projectKey="XXXX""https://XXXX" -Dsonar.token="XXXX"

%sonarScannerBuildWrapperWinX86_X64Exe% --out-dir build_wrapper_output_directory %msBuildExePath% SlimDX.sln /t:Rebuild /p:Configuration=Debug /p:Platform=x64 /nodeReuse:False

%sonarScannerMsBuildExePath% -Dend -Dsonar.projectKey="XXXX"

Thank you for any help you can give.


Some languages simply don’t have rules for certain categories of security rules, and this would be what’s happening here. The Sonar C and C++ analyzer offers only a limited set of security rules. So far we have maintained our focus on the quality of the code rather than its security. Yet, as you might know, quality and security are correlated.

In particular, we have not invested in the detection of injection vulnerabilities. We do have it on our radar, however.
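One way to check which report categories have no rules behind them for a given language, as an added example that is not part of the original thread or Sonar's own code. It assumes the SonarQube Web API endpoint `api/rules/search` with its `owaspTop10` facet; the response in `SAMPLE` is constructed, and the base URL and token are placeholders you supply.

```python
import base64
import json
import urllib.parse
import urllib.request

# OWASP Top 10 (2017) category keys as used by the owaspTop10 facet (assumed a1..a10).
OWASP_2017 = [f"a{i}" for i in range(1, 11)]

def fetch_facets(base_url, token, language="cpp"):
    """Query the server for security rule counts per OWASP category."""
    query = urllib.parse.urlencode({
        "languages": language,
        "types": "VULNERABILITY,SECURITY_HOTSPOT",
        "facets": "owaspTop10",
        "ps": 1,  # only the facet counts are needed, not the rule list
    })
    req = urllib.request.Request(f"{base_url}/api/rules/search?{query}")
    # A user token is sent as the basic-auth username with an empty password.
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {auth}")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def coverage(response, facet="owaspTop10", categories=OWASP_2017):
    """Map every category to its rule count; absent categories count as 0."""
    counts = {c: 0 for c in categories}
    for f in response.get("facets", []):
        if f.get("property") != facet:
            continue
        for v in f.get("values", []):
            if v.get("val") in counts:
                counts[v["val"]] = v.get("count", 0)
    return counts

def ungraded(response, **kw):
    """Categories with no rules: nothing can be raised, so nothing is graded."""
    return [c for c, n in coverage(response, **kw).items() if n == 0]

# Constructed sample response (not real server output).
SAMPLE = {"total": 7, "facets": [{"property": "owaspTop10", "values": [
    {"val": "a3", "count": 4}, {"val": "a6", "count": 2},
    {"val": "a9", "count": 1}, {"val": "a1", "count": 0}]}]}

if __name__ == "__main__":
    print("No rules for:", ungraded(SAMPLE))
```

Against a real server, pass the result of `fetch_facets(base_url, token)` to `ungraded()` and compare the list with the ungraded rows in the security report.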

Thank you for the response. Not sure if my cybersecurity group will approve the software without all the items being graded. I guess we’ll see.